The return of the data-destroying virus
12:01:00 | 11-09-2010

After a long absence, the data-destroying virus has come back. About 20 days ago, the Bkav virus monitoring system detected a virus programmed to delete all data on hard disk drives, except for the drive on which Windows is installed. The hacker preset the deletion to run on the 1st, 20th, 21st and 29th of each month.

Bkav detects this virus as W32.Delfile.Worm. "Once it has infected a computer, the virus will copy itself to the folder C:\Windows\System32 and write one key to the registry. On a preset day, the virus will destroy the data at computer startup. On other days, it renders files hidden and copies itself, disguised as real folders, so that users find it difficult to realize that their computers have been infected," Mr. Vu Ngoc Son, Director of Bkis R&D, said.

This kind of data-destroying virus was rampant in the 1990s and caused significant losses to users. W32.Delfile.Worm will cause extensive damage if it spreads on a large scale, since a lot of important information tends to be centralized on users' computers.

To protect computers from this kind of virus, users are advised to use licensed antivirus software and scan for viruses on a regular basis. They should also back up their important data to other storage devices so that the data remains safe if an incident occurs.
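
The folder disguise described above can also be checked for directly on a data drive. The following Python script is an added example, not Bkav's code: it assumes the disguise takes the form of an executable file named after a folder in the same directory and that the real folder may carry the hidden attribute, details the article does not specify, and its function names are hypothetical.

```python
import os
import sys

# Assumption: the worm's "folder" copies are executables with these extensions.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit in st_file_attributes


def is_hidden(path):
    """True if the Windows hidden attribute is set; always False on other systems."""
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_folder_lookalikes(root):
    """List executables that share their name with a folder in the same directory.

    Returns sorted (executable, folder, folder_is_hidden) tuples. A hidden
    folder beside a same-named executable is the strongest signal.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, suffix = os.path.splitext(name)
            folder = folders.get(stem.lower())
            if folder and suffix.lower() in EXECUTABLE_SUFFIXES:
                folder_path = os.path.join(dirpath, folder)
                findings.append((os.path.join(dirpath, name), folder_path,
                                 is_hidden(folder_path)))
    return sorted(findings)


if __name__ == "__main__":
    # Report only; nothing is deleted. Pass the drive or folder to scan.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for exe, folder, hidden in find_folder_lookalikes(target):
        flag = "hidden folder" if hidden else "visible folder"
        print(f"SUSPECT {exe} mimics {folder} ({flag})")
```

A match is a lead for an antivirus scan, not proof of infection, since legitimate software sometimes ships an executable beside a folder of the same name.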

August 2010: the virus spreading via Yahoo! Messenger has come back and spread widely.

In recent days, there has been much discussion on forums and social networking sites about the virus spreading via Yahoo! Messenger, which was rampant 4 years ago.

For a long time, thanks to security researchers' warnings and users' own experience of being infected, users have been more cautious about this kind of virus. However, because users have become complacent about links shared via Yahoo! Messenger, W32.Ymfocard.Worm (the latest variant of the virus spreading via Yahoo! Messenger) has spread on a large scale in the past few weeks.

Yahoo! Messenger users should be cautious when they receive strange links, even those sent by their friends. They should also update their antivirus software to the latest version to protect their computers.

Adobe successfully patched the /Launch vulnerability in Adobe Reader

On June 29, 2010, Adobe released the first patch for the /Launch vulnerability in Adobe Reader, which had been exploited for large-scale spreading. Right after that, Bkis security researchers pointed out that this patch could still be bypassed. In its next patch in August, Adobe fixed this vulnerability.

Before that, Adobe had also confirmed Bkav's warning that the first patch still could not prevent hackers from executing malicious code.

To apply the patch, use one of the following methods:

1. Open Adobe Reader and choose Help / Check for Updates.

2. Download version 9.3.4 or 8.2.4 (depending on whether you are using Adobe Reader version 9 or 8) from http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

Bkav