Shulou(Shulou.com)06/02 Report--

Recently, the safe brain intercepted a kind of VBR***, that spread mainly through all kinds of downloaders, infecting users' computers on a large scale. Because it has super concealment and latent, at the same time is very good at spreading itself, has a strong flexibility, so 360 security experts named it "inverse ghost".

The full name "VBR" is Volume Boot

Record (Volume Boot record), which is responsible for loading the operating system bootstrap, starts earlier than Windows. Therefore, once VBR is infected, malicious code will get a hidden living space, which is difficult to be detected by traditional antivirus software, and this time 360 exclusively found the whereabouts of "inverse ghost".

According to the analysis of 360security researchers, after successfully running through the downloader to the target machine, the "inverse ghost" will first release the white files to the temp folder directory, and then use it as a cover for subsequent acts.

In fact, in general, in order to obtain more benefits at one time, before performing malicious operations such as mining, number theft, DDoS and so on, they will first infect users of a certain order of magnitude, and then "centrally detonate". However, this "reverse ghost" died early: it was first discovered by 360 security guards before a certain degree of early transmission, not to mention expanding the scope of infection and seeking more benefits. even the downloader that spread it was also wiped out by 360 security guards.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.