The Malware Dictionary

The Latest Computer Adware, Spyware, and Virus Info!

How Does a Computer Virus Work?


A computer virus is designed to infect files on a computer system through self-replication. It is capable of spreading to other computers on its own. Methods of infection include: infecting other files, email attachments, boot sectors of portable drives, instant messaging, and directly through security vulnerabilities in an operating system or application. Not all computer viruses have a malicious payload; however, many do. Virus payloads are designed to do everything from deleting files on your computer to stealing your private information. Some are just made to disrupt operations on your computer or can be combined with other computer malware in a more complex package.

Methods of Computer Virus Infection

For a virus to spread, it has to execute its code and write to the memory of a computer or one of its peripherals. Many viruses and other computer malware will attach themselves to legitimate applications or multimedia files in order to get the end-user to run them. Viruses are classified into two types based on the behavior observed after execution: resident and non-resident. A resident virus will not look for new hosts or other computers when executed. Instead, it will load itself into memory and then infect new hosts when the infected program is accessed. Non-resident viruses immediately search for new hosts to infect once they are executed.

Computer Virus Trends

Over the past few years, the latest trends in computer viruses have dealt primarily with polymorphic code. A polymorphic virus infects files with an encrypted version of itself, which is then decoded by an associated set of decryption instructions. The decryption module is also modified each time the virus spreads, creating two unique pieces of programming code. This makes it more challenging for anti-virus programs to detect the virus. Some viruses go even further and exhibit metamorphic tendencies: the virus completely rewrites its own code each time it infects a new program. Metamorphic behavior can delay the initial reporting of a new computer virus to the anti-virus companies until it exhibits the classic behavior of a computer virus infection to the end-user.

iPhone Viruses – Are You Secure?


To date, there have been a small number of iPhone viruses that put users of the popular phone at risk. For your phone to become infected with the previously known iPhone viruses, you would need to visit a malicious website with your phone or open an infected email. As of Wednesday 29 July 2009, this is no longer the case: information on a critical vulnerability in the iPhone was released at the Black Hat Security Conference in Las Vegas, as reported by Elinor Mills on CNET News.

iPhone Virus Vulnerability?

Ms. Mills writes about her first-hand experience with the iPhone researchers at the Black Hat conference. She describes how they were able to take complete control over her iPhone, merely by sending special SMS Text messages to her phone. The text messages take advantage of a memory corruption problem inherent to the iPhone and several other models of web-enabled phones. The catch with the new vulnerability? You can’t prevent a malicious hacker from attacking your iPhone unless he or she just doesn’t know your phone number! A hacker can simply knock you off of the air with the attack, or take full control of your phone if you do not catch the attack when it is occurring.

Actions to Take if Your iPhone Is Attacked

It’s still too early to tell, but in Ms. Mills’s article the researchers recommended:

“Rebooting wouldn’t be a bad idea. It would stop all but the most sophisticated attacker. However, it doesn’t take but a second to grab all your personal info from the device, and as soon as you turn it back on, the bad guy could attack you again. That’s why I think this is so serious.”

Apple apparently has known about the vulnerability of the iPhone for over 6 weeks, and there is not a patch readily available yet. At this point, to me it seems you have two options depending on the sensitivity of data you access via your iPhone:

1 – Do nothing. Apple may patch this vulnerability before a script kiddie or other hacker gets hold of the “How to Hack the iPhone” and uses it on your phone…or

2 – Take action now to remove sensitive data from your iPhone before you are attacked.

Option 2 requires more work on your part, but do you really want to have your privacy attacked through a problem you can help mitigate today?

Refs:

http://news.cnet.com/8301-27080_3-10299378-245.html

http://www.examiner.com/x-14795-Page-One-Examiner~y2009m7d30-iPhone-virus

http://salaswildthoughts.blogspot.com/2009/07/new-iphone-virus-iphone-hack-released.html

http://forums.macrumors.com/showthread.php?t=411460

WIN.32 Atak Computer Virus


WIN.32 Atak Computer Virus Description

The Win32 Atak virus is a malware program that transmits itself through spoofed and infected emails. Email malware is fairly common, and many victims fall into its traps each year. It spreads rapidly in search of new computers to infect.

WIN.32 Atak Malware Installation

This email malware starts on someone’s computer, searches for specific email addresses, and then transmits itself to every single one of them. It continues to spread by repeating the process. It uses duplication to stay on the same computer and to continuously send fake emails to victims.

How does WIN.32 Atak Infect Your Computer?

It infects your computer when you download an infected email attachment received from a remote or unknown source. Sometimes it automatically downloads the attachment where the Win32 Atak is stored. It then proceeds to duplicate itself into your PC registry.

WIN.32 Atak Malware Payload

It can be dangerous malware, because the Win32 Atak has the ability to cancel and possibly delete anti-virus software. This is a scary concept because an anti-virus program is often seen as a safety net. It doesn’t do much good if the virus is actually canceling the anti-malware programs out. You can protect yourself by using strong passwords and avoiding suspicious links, emails, and anything else you don’t recognize. This virus has a high alert level, and can be destructive. If it isn’t removed quickly enough, your computer can become severely damaged.

WIN.32 Atak Malware Processes and Files

Variants of this malware include using backdoor ports to receive files from the attacker, and different names so that it may go undetected. These variants include: Win32/Atak.B@mm and Win32/Atak.C@mm.

Removal of the W32.Atak Zip Computer Virus From Your Computer

The W32.Atak Computer Virus is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.

Win32.Mawar – Computer Virus


Win32.Mawar Description

Win32.Mawar is labeled as a computer virus, but it is really just a script labeled as malware by most anti-virus companies. It is also known by the names JS_AUTORUN.ABE, Mawar.js, and AhPaw.js.

Win32.Mawar Symptoms
You will see the following indications if your computer is infected with Mawar:

- Your Windows Explorer and/or the Internet Explorer window title is changed to Mawar.js or AhPaw.js
- When you right-click any drive inside the My Computer section of your computer, the default option which is “Open” is not the first choice. It will be labeled “Op%n” or “Search” instead of the default, bolded “Open”.
- Double clicking a drive on your computer won’t open it. Instead it will perform another operating system function such as “Search”.
- You have to go to the address bar and select your drive from the small arrow icon to open it, instead of double-clicking the drive.

How to Remove Win32.Mawar

Manual Instructions – Conduct at your own risk! Use an anti-virus or anti-malware program first if you have one available!
1. Disable System Restore on your computer by doing the following:

- Right click the “My Computer” icon on your computer and select “Properties->System Restore” and check the “Turn Off System Restore” option.
(Right click My Computer –> Properties –> System Restore –> check the Turn Off System Restore box –> OK)

2. Restart your computer in Windows Safe Mode

Reboot your computer normally, then push the “F8” key rapidly until you get the reboot menu. Then choose the “Safe Mode” rebooting option.
3. Login to your computer in administrator mode.
4. Unhide all Hidden Files and protected Operating System Files

- Open “My Computer” then select “Tools->Folder Options->View” and check the “Show hidden files and folders” radio button, then uncheck the “Hide protected operating system files (Recommended)” box.
- Click “OK” to apply the changes
5. Go to My Computer –> C:\ drive (or any additional/removable drive) find the following files through searching the drive and delete them: autorun.ini, VirusMwrdy.js, ahpaw.js.
6. Go to My Computer again, and right-click C:\ drive
- Click Properties –> Disk Cleanup –> More Options –> System Restore –> Cleanup.. –> click Yes when asked –> then choose the “Ok” menu option.
7. Remove Mawar Registry Entries
- Click Start –> Run –> input “regedit” and press the “Enter” key on your keyboard.
- Search the registry for VirusMwrdy.js and ahpaw.js, and delete all keys found in the searches. Also run separate searches for “mawar” (for Mawar) and “ahpaw” (for AhPaw.js).

8. To fix your windows and Internet Explorer title bars, delete this entry from your registry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
9. Reboot your computer normally after finishing with the registry deletions.
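
A read-only inventory that can be run before the deletions in step 5, as an added example that is not part of the original post. It walks the drives you pass in, matches the three file names from step 5 case-insensitively, and records size and SHA-256 so there is a record of what was removed; the function name and output layout are assumptions of this example.

```python
import hashlib
import os
import sys

# File names listed in step 5 above, lower-cased for case-insensitive matching.
MAWAR_FILENAMES = {"autorun.ini", "virusmwrdy.js", "ahpaw.js"}


def inventory_mawar_files(roots):
    """Walk each root and return sorted (path, size, sha256) records for the listed names."""
    records = []
    for root in roots:
        # onerror swallows unreadable directories so one denied folder does not stop the scan.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                if name.lower() not in MAWAR_FILENAMES:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as handle:
                        data = handle.read()
                except OSError:
                    # File exists but cannot be read (locked or access denied).
                    records.append((path, None, None))
                    continue
                records.append((path, len(data), hashlib.sha256(data).hexdigest()))
    return sorted(records)


if __name__ == "__main__":
    # Usage: python inventory.py C:\ E:\
    for path, size, digest in inventory_mawar_files(sys.argv[1:]):
        print(f"{digest or 'unreadable':64}  {size if size is not None else '-':>8}  {path}")
```

The script only reads files; it deletes nothing and does not touch the registry.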

W32.Badtrans Computer Virus


W32.Badtrans Computer Virus Description

W32.Badtrans is email malware that transmits itself through fake emails in an attempt to infect your computer. It is considered a high risk threat because so many emails are transferred each day, raising the risk level.

W32.Badtrans Malware Installation

It installs malicious files on your hard disk by exploiting weaknesses in Windows 95, 98 and ME. It may work differently with newer operating systems. This malware copies itself to your system directory and poses a risk to your entire system. It cannot be seen in the task manager.

How Does W32.Badtrans Infect Your Computer?

This virus is downloaded from an email attachment. After it is executed it proceeds to install itself into your system directory. W32.Badtrans is high risk malware. It is a combination of a worm and Trojan, making it slightly tricky to remove.

W32.Badtrans Malware Payload

Payload includes personal data theft and downloads and uploads from various sites. The worm monitors keystrokes and uploads password data and very personal information. Since it is downloaded from emails, unsuspecting recipients are likely to download it without knowing. Infected emails could have jumbled information, blank information, or forwarded “junk”.

W32.Badtrans Malware Processes and Files

W32.Badtrans can be identified by several different processes and installed filenames. In an infected email, the attachment might have one of the following names:

fun.pif
Humor.TXT.pif
docs.scr
s3msong.MP3.pif
Sorry_about_yesterday.DOC.pif
Me_nude.AVI.pif
Card.pif
SETUP.pif
searchURL.scr
YOU_are_FAT!.TXT.pif
hamster.ZIP.scr
news_doc.scr
New_Napster_Site.DOC.scr
README.TXT.pif
images.pif
Pics.ZIP.scr

Other “fake” files may appear in an infected email. Other variations of the worm may also include Win32.Badtrans.13312.
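
Most names in the list above hide a .pif or .scr file behind a harmless-looking extension such as .TXT or .DOC. The following mail-filter check for that pattern is an added example, not part of the original post; the extension sets beyond those in the list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Final extensions Windows executes directly; .pif and .scr are the two in the list above.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs", "js"}
# Harmless-looking extensions placed before the real one (TXT, DOC, MP3, AVI, ZIP in the list).
DECOY_EXTS = {"txt", "doc", "mp3", "avi", "zip", "jpg", "pdf"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable', or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def flag_attachments(raw_message):
    """Parse raw RFC 5322 bytes and return [(filename, verdict)] for risky attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdict = classify_attachment(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings


def build_sample_message():
    """Constructed test message: two names from the list above plus one benign file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Re:"
    msg.set_content("constructed sample body")
    for name in ("README.TXT.pif", "docs.scr", "notes.txt"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in flag_attachments(build_sample_message()):
        print(f"{verdict:17} {name}")
```

Explorer's default “hide extensions for known file types” setting is what makes these names look like documents, so turning that setting off complements the filter.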

Removal of W32.Badtrans From Your Computer
The W32.Badtrans virus is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.

© 2009 The Malware Dictionary. All Rights Reserved.
