For many virus, worm, or Trojan computer infections, the UITS Support Center or University Information Security Office (UISO) will instruct you to reformat your hard drive (erasing Windows) and reinstall Windows from scratch, even if your antivirus program or other antiviral tools can remove the virus or delete the infection. The reason for this instruction is that a threat usually exists beyond the virus, worm, or Trojan itself.
Often, the virus or worm itself is merely the carrier of something more malicious, and most current infections leave the computer open to further compromise. Following are examples: The first two examples actively open a backdoor, through which other malicious programs can be loaded. The third turns an infected computer into a proxy, which allows someone to direct internet traffic through it in order to obscure the source of the traffic.
The last installs a monitor that attempts to capture passwords and uploads them to some remote computer. It is extremely rare for a virus, worm, or Trojan not to permit or produce a further compromise.
In the case of infections that install backdoors, it can be nearly impossible to determine what came through before the backdoor was removed, and how compromised a computer is as a result. Erasing your Windows installation and reinstalling it is the only sure way to guarantee that no further compromises remain. This is document arrg in the Knowledge Base.

Due to the complexity of this process and the knowledge and resources required to implement something like it, the mechanism appears to be out of the reach of most advanced threat groups in the world except the Equation Group.
Stuxnet was radically ambitious and sophisticated, capable of penetrating air-gapped networks, but Kaspersky Lab said the Equation Group had access to those zero-days even before they were used in Stuxnet and Flame. The Equation Group's Fanny can map air-gapped networks and allow "attackers to pass data back and forth from air-gapped networks." The researchers added that attackers infect their victims by methods such as physical media (CD-ROMs, USB sticks) and exploits, web-based exploits, and Fanny's self-replicating worm code.
Another interesting attack targeted Firefox 17 that was being used as a Tor browser; it used an unknown exploit. Kaspersky Lab gave an example of attacks that could be delivered via Java exploits to advertisements on popular Middle East websites as well as by visiting specific Islamic jihadist discussion forums; a PHP script, which was designed to work as part of the commercial forum platform vBulletin, exploited only forum visitors who were logged in; additionally those authenticated users had to come from specific IP address ranges.
Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.