Top 10 Viruses in Indonesia: June 2009

The top of the ranking in June 2009 is still the same: Conficker, followed by Autoit and FullHouse. In addition, some viruses are new entrants to the top ten, such as Nhatquanglan and Hotum.vbs. For more details, see the following list:

1. Conficker

This virus spreads using unusually sophisticated techniques. One of them is that it takes the form of a DLL (Dynamic Link Library) file, which distinguishes it from most other viruses, which come as EXE files. Its capabilities can also be compared to those of a rootkit, and it is polymorphic, so its body changes. On an infected computer, users cannot open sites related to antivirus products or Microsoft updates. The virus is also active in Indonesia, where it spreads via removable media such as flash disks. On an infected flash disk you will find an autorun.inf file and a RECYCLER directory containing a subdirectory with a name such as S-5-3-42-2819952290-8240758988-879315005-3665, and inside that directory a Conficker file, usually named jwgkvsq.vmx, which is actually a DLL file.

2. Autoit

Most variants of this virus, which is based on an imported script, use a folder-like icon. The virus can auto-update itself via multiple sites. It can also use Yahoo! Messenger as a distribution medium, sending a message containing a link to every contact in the victim's Y!M list.

3. FullHouse

A virus made using Visual Basic. When it runs, it extracts images of “Han Eun ji”, one of the lead characters in the series Full House. One of its parent files hides in the RECYCLER folder, and it creates an autorun.inf file on the target drive so that it runs automatically.

4. Recycler

The characteristic feature of this virus is the way it spreads, namely by “hiding” in the Recycler / Recycle Bin directory. It is also known to use code injection so that the virus can “hook” onto explorer.exe. This is done to make it difficult for the user, or even an antivirus program, to kill it.

5. Nhatquanglan

This virus is created using Visual Basic. The two new variants we encountered are 101KB and 81KB in size, and both use a folder-like icon. One notable feature is that it manipulates the hosts file to block several antivirus sites.

6. Hotum.vbs

Another local virus is the VBScript type known as Hotum.vbs. It is approximately 8KB in size. It becomes active automatically by changing the userinit value in the Windows registry and creating new Run items. A computer infected with this virus is easy to identify. Look at the clock in the lower right corner of Windows: the PM will be replaced with “Hotum”, while the PM is changed to “Tombom”.

7. Risa

The virus is 42KB in size and is packed with UPX. Its icon resembles a folder. When a computer is infected with this virus, many fake folders will be found in every corner of the drive. It can also spread to flash disks, where there will be files with names such as “Kumpulan Puisi cinta palsu.exe”, “Rahasia (Jangan dibuka).exe”, and others. A message from the creator of the virus can also be found in the Windows directory with the name “Wasiat.html”, or in the root of drive C: with the name “Puisi_untukmu_bang.html”.

8. LegendOfAang.vbs

A virus created using VBScript and distributed in encrypted form. In the picture above you can see the virus file in its encrypted and decrypted forms. It is about 13KB in size. When active, it tries to delete other vbs files that might be other viruses. On removable disks it also places an autorun.inf file that belongs to this virus. To run automatically, it changes the userinit item in the registry so that it refers to the virus itself.

9. Astuty

This virus delivers a love message in the browser. The message file can be found in the Windows directory with the name Notic.htm. It disguises itself with an icon resembling an MS Word document. It is approximately 617KB in size and packed with UPX. The virus spoofs the .DOC files it finds by hiding the original .DOC file with the hidden attribute and replacing it with a copy of the virus under an almost identical file name.

10. Vanpraja

This virus extracts an image file from the resources in its body, named “Hacked by v@nP.jpg”, as seen above. It extracts the file to the root of several drives found on the victim's computer. Physically it resembles an MS Word document file, is 96KB in size, and is packed with UPX. The creator of the virus promotes their school by dropping a text file containing the campaign onto every drive, including the root.
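
A defensive check for the removable-drive artifacts that the Conficker, FullHouse and Recycler entries describe (an autorun.inf at the drive root and executable files hidden under RECYCLER), added here as an example and not taken from the original article. The function names, the constructed sample drive and its `open=sample.exe` entry are assumptions; only the directory and file names come from the article.

```python
import os
import tempfile

def is_pe(path):
    """True if the file starts with the 'MZ' magic shared by EXE and DLL files."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def autorun_targets(path):
    """Commands an autorun.inf launches: open=, shellexecute= and shell verb commands."""
    targets = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = (part.strip() for part in line.partition("="))
            if sep and (key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command")):
                targets.append(value)
    return targets

def scan_drive(root):
    """Return (finding, detail) tuples for the drive-root artifacts described above."""
    findings = []
    for name in sorted(os.listdir(root)):
        full = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(full):
            findings += [("autorun launches", t) for t in autorun_targets(full)]
        elif name.lower() in ("recycler", "recycled", "$recycle.bin") and os.path.isdir(full):
            for dirpath, _dirs, files in os.walk(full):
                for fn in sorted(files):
                    path = os.path.join(dirpath, fn)
                    if is_pe(path):  # executable content, whatever the extension says
                        findings.append(("PE file in recycle directory", os.path.relpath(path, root)))
    return findings

def build_sample(root):
    """Constructed sample drive: names from the article, contents are harmless stubs."""
    sub = os.path.join(root, "RECYCLER", "S-5-3-42-2819952290-8240758988-879315005-3665")
    os.makedirs(sub)
    with open(os.path.join(sub, "jwgkvsq.vmx"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # magic bytes only, not a real DLL
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=sample.exe\n")  # constructed entry, not the real one
    return sub

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        print(scan_drive(drive))
```

Checking the file's leading bytes instead of its extension is what catches a DLL stored under a name like jwgkvsq.vmx.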

8 Comments

  1. PCM_holics
    Posted June 12, 2009 at 9:26 am

    I downloaded PCMAV from akhdian.net -> rapidshare -> download… but an up-to-date Avira detected a virus in it, “TR/Agent.142336.2 Trojan”, in the file update.vdb. Is that just a false alarm or a real virus??

  2. Posted August 28, 2009 at 10:31 pm

    PCMAV version 2.1 has a virus in it…
    detected by Avira and ClamAV.

    Please help, boss.

  3. Posted September 14, 2009 at 2:47 pm

    Thank you very much for that informative piece of text.

  4. Acenks
    Posted October 13, 2009 at 4:13 am

    Boss…
    How come there is Conficker on my computer but PC Media can't delete it, it only detects it…

    Please help?

  5. Posted October 21, 2009 at 7:00 am

    It is also detected by a local antivirus; it may still sound unfamiliar; AVS-32 AntiVirus; please visit and get the AVS-32 final version; http://avs-32.blogspot.com

  6. huha
    Posted January 27, 2010 at 4:14 am

    We use pcmav 2.2cupdate3clamAV, but smadav detects a virus in it,
    usually in the update file.

    Is it really a virus or not…

  7. Posted February 7, 2010 at 7:29 am

    Please help, my PC uses the Avira and PCMAV antivirus; because they had not been updated it got infected with the win32 Zhelatin variant siggen virus. Please suggest a solution. Thanks.

    Raymond Reply:

    Same here.. It seems the only thing that detects it is PCMAV paired with ClamAV. I tried to cure it as well but couldn't. Trying with ClamWin, it can be removed, but it comes back again :( How do I replace the rsaenh.dll file? I tried to replace it but couldn't because it is in use by a running program.

    Budi Reply:

    That is a false positive alarm. It is best to replace daily.cvd in /plugins/Clamav with the old daily.cvd (take it from the Clamav package on the PC-Media DVD) and, for the time being, reject daily.cvd updates from Clamav until Clamav resolves this problem.

    This does not happen on Windows XP SP3. So this is not a virus.

  8. Posted February 9, 2010 at 1:51 pm

    That is a false positive alarm. It is best to replace daily.cvd in /plugins/Clamav with the old daily.cvd (take it from the Clamav package on the PC Media DVD) and, for the time being, reject daily.cvd updates from Clamav until Clamav resolves this problem.

    This does not happen on Windows XP SP3. So this is not a virus.
