As I mentioned before, malware is becoming smarter and harder to detect. I have had a few experiences submitting a sample to totalvirus.com where the result I got was not fully detected by all antivirus vendors. I do not know why, but I assume they have a problem identifying it as malware because it does not cause a lot of problems for the computer, and usually this kind of malware does not start/execute/run its payload as a normal startup service.

In conjunction with my article on Detecting and removing malware without antivirus software (To beat and trick virus), the truth is that this is about my latest finding of a new virus. Maybe it is an old virus already reported by many antivirus companies other than TrendMicro.

The virus is called WORM_UTOTI.BL (TrendMicro). The virus was very smart and made me wonder why TrendMicro took so long to respond to it.

The Conficker worm was first detected in November 2008. Since then there have been many variants of this worm, from the first variant A through B, C, D and the newest, E, discovered on 7 April 2009. The worm uses 3 methods to spread. The first, and primary, is exploiting the vulnerability MS08-067. The others are the Windows sharing service and external storage such as thumb drives and external hard disks.

From the first variant to the latest, its creators have kept studying how people and PCs behave, and then used that behaviour to spread the worm even when the 3 methods above have already been dealt with by computer users. Given this, it is almost certain that a new type of Conficker worm attack will appear.
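As an added example (not code from the original post), the following PowerShell script checks a single Windows machine against the three spread vectors described above, read-only and from a defender's point of view: whether the MS08-067 fix is installed, whether the Server service that exposes Windows shares is running, and whether AutoRun for removable media is disabled and whether any attached removable drive carries an autorun.inf. It assumes that KB958644 is the update that shipped the MS08-067 fix (a fact I am adding; the post itself only names MS08-067) and that the script is run from an elevated prompt.

```powershell
# Added example, not part of the original post. Read-only checks of the three
# Conficker spread vectors named above. Assumption: KB958644 is the update that
# shipped the MS08-067 fix. Run from an elevated PowerShell prompt.

function Test-Ms08067Patch {
    # Vector 1: Win32_QuickFixEngineering lists installed updates (works on
    # PowerShell 1.0 as well, unlike Get-HotFix).
    $fix = Get-WmiObject -Class Win32_QuickFixEngineering |
        Where-Object { $_.HotFixID -eq 'KB958644' }
    if ($fix) { 'MS08-067 (KB958644): installed' }
    else      { 'MS08-067 (KB958644): MISSING - patch before anything else' }
}

function Test-FileSharingService {
    # Vector 2: the Server service ("lanmanserver") is what exposes Windows shares.
    $svc = Get-Service -Name lanmanserver -ErrorAction SilentlyContinue
    if ($svc) { "Server service (lanmanserver): $($svc.Status)" }
    else      { 'Server service (lanmanserver): not present' }
}

function Test-AutorunPolicy {
    # Vector 3a: removable media rely on autorun.inf. NoDriveTypeAutoRun = 0xFF
    # disables AutoRun for every drive type.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($val -eq 0xFF)       { 'AutoRun: disabled for all drive types (0xFF)' }
    elseif ($null -eq $val)  { 'AutoRun: policy not set, Windows default applies' }
    else                     { 'AutoRun: partially enabled (value 0x{0:X})' -f $val }
}

function Find-RemovableAutorunInf {
    # Vector 3b: list removable drives (DriveType 2) and flag any autorun.inf,
    # which is worth inspecting manually before the drive is opened in Explorer.
    $drives = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2'
    if (-not $drives) { return 'Removable drives: none attached' }
    foreach ($d in $drives) {
        $inf = Join-Path $d.DeviceID 'autorun.inf'
        if (Test-Path $inf) { "Removable drive $($d.DeviceID): autorun.inf PRESENT ($inf)" }
        else                { "Removable drive $($d.DeviceID): no autorun.inf" }
    }
}

Test-Ms08067Patch
Test-FileSharingService
Test-AutorunPolicy
Find-RemovableAutorunInf
```

Each function prints one line per check, so the output can be pasted into a ticket or compared across machines; a missing patch or a present autorun.inf on a thumb drive is the finding to act on first.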

First of all, I am sorry to write this article in (bad) English, because I found out that no one discusses this matter other than Ching Tim Meng at Hack in the Box 2008. I was glad to see this kind of idea of how to beat malware without any antivirus, although I already knew how to do it before I knew about this class. I only got into his class 15 minutes before it ended, but I understood what was covered in the class from the handout (slides). The knowledge is not giving us an idea to not use an antivirus, but more about how to identify unknown malware and viruses.


Windows Defender is a tool offered by Microsoft to scan for and fix known malicious software (malware). The tool is bundled with every copy of Windows Vista and can be downloaded and installed on Windows XP. On XP, however, you have to pass validation first before you can download it.