Beware, Stuxnet virus

Still remember the alias Stuxnet Winsta? Viruses that are popular causes disk space becomes full, any remaining hard disk capacity so that you can not save the file. Now, there is a type of virus made in local Stuxnet which will also result in hard drive becomes full, but with different methods.

"To spend the rest of the disk, it will make virus file in number in the hundreds in every folder that was determined," said Taufik Juhar Adang, Senior Vaksinis Vaksincom, in his statement, October 5, 2010. "But 'fortunately' this virus will only attack the master drive [C: \] alone."

To simplify deployment, Adang said, he will utilize the autorun feature of Windows and also spreads by exploiting a USB flash disk media and networks (full access). In addition he will also be spread through peer to peer file sharing like Kazaa, Morpheus or any other program to create several files in the directory specified.

Adang said, in an effort to spread, the virus will use social engineering to take advantage of file compression program (WinRAR) with the characteristics using WinRAR icon, the file size 60KB, and the file extension *. exe.

"The technique used is not just mendompleng WinRAR program icon, but more than that, it will activate itself automatically when the user starts the program WinRAR or files that have been compressed using WinRAR," Adang said.

If the target computer program is not installed WinRAR, Adang said, he was preparing another method for themselves can be activated automatically. "How to do a 'diversion' when the user runs the file with the extension that has been determined."

To complicate the process of elimination, it will block some Windows features such as Search, Folder Options and Run. "He also would block security tools or when the user accesses a folder with a name that has been determined by reading the caption text or the name of the application. If the user opened it, he immediately closed it again, "Adang said. "In addition he will also be blocked when a user installs the program / application to open Notepad application."

Not only that it will be done by this virus, it will also hide files MS Office (MS Word) located in the directory [C: \ Documents and Settings \% username% \ My Documents] and create a replacement file [in the form of the virus file] according to MS Word file name.

To clean this virus with an optimal, Adang said, you need to use anti-virus database up to date. With the latest updates, the antivirus will detect this virus as W32/Suspicious-Gen2.CAHWJ or Backdoor.Trojan.