Rus News Journal

Incorporeal the virus has masked in a banner network

Experts Kaspersky`s Laboratories have found out unique attack in which course malefactors used the harmful program, capable to function without creation of files on the infected system. For distribution of a harmful code the network including a number of popular Russian news resources has been involved tizernaja.

during spent by experts Kaspersky`s Laboratories researches it has been established that to infection visitors of sites of some Russian online - the mass-media, using on the pages tizery were exposed to a network organised by means of technologies AdFox. At loading of one of tizerov news the browser of the user it is reserved perenapravljalsja on the harmful site containing Java - eksplojt. However unlike standard drive - by attacks the harmful program was not loaded on a hard disk, and functioned exclusively in operative memory of the computer.

operating, as a boat, zlovred sent on the server of malefactors inquiries and the data about stories of visiting of sites from the browser of the user. If in the transferred data the information on use of system of remote bank service contained, on the infected computer Trojan Lurk intended for plunder of the confidential information of users for access to systems online - bankinga of some large Russian banks was established.

however it has been during the investigation established that network AdFox is not an infection source. Changes by addition to them of the reference to a harmful site have been brought in a code of banners of announcements of news by malefactors from an account of one of clients AdFox.

We deal with unique attack. Use by malefactors tizernoj networks is one of the most effective ways of installation of a harmful code, in view of presence on it of references from a considerable quantity of popular resources, - the main anti-virus expert " makes comments; Kaspersky`s Laboratories Alexander Gostev, - Besides, we for the first time for some last years have faced a rare version zlovredov - so-called incorporeal harmful programs which do not exist in the form of a file on a disk, and function exclusively in operative memory of the infected computer that considerably complicates process of its detection by means of an antivirus .

In spite of the fact that incorporeal programs are capable to work only before operating system reboot, probability of that the user will get again on the infected news site, is high enough. In the unique reliable way of protection against the harmful programs, using vulnerability timely installation of updatings is.