Thursday, December 12, 2013

Alureon Trojan Virus Warning - Trojan Infecting Computers, Last Seen in 2012, Is Active Again

Alureon is a trojan and bootkit which is designed, amongst other things, to steal data by intercepting a system's network traffic and searching it for usernames, passwords and credit card data.[1] Following a series of customer complaints, Microsoft determined that Alureon was the cause of a series of BSoD problems on some 32-bit Microsoft Windows systems which were triggered when some assumptions made by the malware author(s) were broken by update MS10-015.[2][3]
According to research by Microsoft, Alureon was the second most active botnet in the second quarter of 2010.[4]

Trojan Looks Like: Microsoft Security Essentials

(pop-up alert about trojan, virus, in win32)

Twice I've had a pop-up small window looking exactly like a Microsoft Security Essentials warning about 3 threats to my computer. One was a trojan, another was a virus, and I cannot recall the 3rd, but all had to do with files (I think) in win32 and needed to be scanned and cleaned immediately. As I approached my search box to check the warning's validity, the little window disappeared entirely, but I tried to see where the infections were before they were gone. Both yesterday and today, that same alert appeared on the same site of a forum I belong to. I did a complete scan of more than 1 million areas of my laptop and it found nothing. I'm assuming something is trying to infect my computer, but is it already infected? If it shows up again, I'll write down the files it claims are infected, but where is that alert coming from, other than already having an infection that is not being picked up by MSE? There was one word that jumped out at me for being incorrectly spelled. Where do I go from here?
I have Internet Explorer 8...v. 9.0.8
Vista Home Premium...32 bit system...service pack 2
Microsoft Security Essentials
Auto-Update

Techie Says:
Unfortunately, these types of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.

While the rootkit is generally able to hide itself very effectively, circumstantial evidence of the infection may be found by examination of network traffic with a packet analyzer or of outbound connections (netstat). Sometimes the existing security software on the computer will report it, but mostly not.
It may be useful to perform an offline scan of the infected system after booting an alternative operating system such as WinPE, as the malware will attempt to prevent security software from updating.
The "FixMbr" command of the Windows Recovery Console and manual replacement of atapi.sys may be required to disable the rootkit functionality before anti-virus tools are able to find and clean an infection.
Various companies have created standalone tools that attempt to remove Alureon. Two popular ones are Microsoft Windows Defender Offline and Kaspersky TDSSKiller.
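The netstat check described above, worked through as an added example (not from the original post or from Wikipedia): it parses Windows `netstat -ano` style output and lists ESTABLISHED sessions to addresses outside the local network from any process the operator did not expect to be talking to the Internet. The sample output, the PID allowlist and the address ranges treated as "local" are constructed assumptions; a real review compares against the machine's own known processes.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows); not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       772
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     3120
  TCP    192.168.1.20:49718     198.51.100.7:8080      ESTABLISHED     4
  TCP    192.168.1.20:49720     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49731     203.0.113.99:80        ESTABLISHED     5580
  UDP    0.0.0.0:5355           *:*                                    1192
"""

# proto, local addr:port, foreign addr:port, optional state, PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

# Assumed "local" ranges: RFC 1918, loopback, link-local and unspecified.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10")]


def parse_netstat(text):
    """Parse netstat -ano output into connection records; skip headers/blank lines."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state, pid = m.groups()
        conns.append({"proto": proto, "local": laddr, "lport": int(lport),
                      "remote": raddr, "rport": rport, "state": state or "",
                      "pid": int(pid)})
    return conns


def is_external(addr):
    """True when the address is routable beyond the local ranges above."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return False  # '*' wildcards or hostnames are not classified
    return not any(ip in net for net in LOCAL_NETS)


def flag_connections(conns, expected_pids=frozenset()):
    """ESTABLISHED sessions to external hosts from PIDs not on the allowlist, grouped by PID."""
    flagged = defaultdict(list)
    for c in conns:
        if c["state"] == "ESTABLISHED" and is_external(c["remote"]) and c["pid"] not in expected_pids:
            flagged[c["pid"]].append((c["remote"], c["rport"]))
    return dict(flagged)


if __name__ == "__main__":
    # PID 3120 is assumed to be the user's browser; PID 4 (System) and 5580 are not expected.
    for pid, peers in flag_connections(parse_netstat(SAMPLE_NETSTAT), {3120}).items():
        print(f"PID {pid}: {peers}")
```

Connections from PID 4 (the System process) or from an unrecognised PID to an outside host are the ones to compare against a packet capture; a local SMB session to the gateway is not reported.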

Arrests

On November 9, 2011, the United States Attorney for the Southern District of New York announced charges against 6 Estonian nationals and 1 Russian national in conjunction with Operation GhostClick. The U.S. is currently seeking to extradite them for running a sophisticated operation that used Alureon to infect millions of computers worldwide.

http://en.wikipedia.org/wiki/Alureon#Removal

Trojan:win32/alureon scanner

http://www.microsoft.com/security/scanner/en-ca/default.aspx
