An emergency tool for removing incorrect/damaged installations of Dr.Web for Windows. The supported versions are 4.33, 4.44, 5.0, 6.0, 7.0, 8.0, 9.0, 10.0, 11.0, 11.5, and 12.0. The utility can also be used with Dr.Web KATANA 1.0 and Dr.Web Enterprise Suite client software of the same versions in cases when standard removal tools are. Dr.Web — innovative anti-virus technologies. Comprehensive protection from Internet threats. Dr.Web—the Russian anti-virus. The Russian developer of Dr.Web anti-virus software, Doctor Web is one of few anti-virus vendors to have its own malware detection and curing technologies. The Dr.Web anti-virus, whose origins date back to 1992, is one of the world’s first anti-viruses.
Sometimes, it's enough just to visit a malicious or fraudulent site for your system to get infected, especially if you have no anti-virus protection. Even legitimate websites can get hacked by attackers. In addition, there are websites that won't harm your PC, but if you're exploring them from your smartphone, you'll be stealthily redirected to a site containing an unpleasant 'surprise'. With the help of compromised websites, cybercriminals can spread various malware programs, the most 'popular' being various modifications of Android.SmsSend. A victim's losses depend on what type of Trojan family has penetrated their mobile device, i.e., the type of malicious payload it's carrying. Read about the details of this phenomenon in our news post.
If a website looks suspicious, you can check it on this web page before clicking on the unknown link.
Add the form used to check files and links (URLs) to your website's code, and visitors to your site can use this service free of charge.
Dr.Web URL filter
Install Dr.Web Security Space for Android, which comes with a component called the URL Filter. This module prevents anyone using your device from accessing non-recommended and potentially dangerous sites that fall into several categories; this is especially important for protecting children from unwanted Internet content.
The URL-Filter is included only in the full version of Dr.Web for Android (it is not available in Dr.Web for Android Light). When you buy Dr.Web Security Space or Dr.Web Anti-virus, you get to use Dr.Web Security Space for Android free of charge.
Dr.Web Link Checker
A free extension for checking web pages and files downloaded from the Internet.
April 4, 2012
Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java applet containing an exploit. Doctor Web's virus analysts discovered a large number of websites containing the code. The recently discovered ones include:
According to some sources, links to more than four million compromised web pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com.
Attackers began to exploit the CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507). Apple closed that vulnerability only on April 3, 2012.
The exploit saves an executable file onto the hard drive of the infected Mac. The file is used to download a malicious payload from a remote server and to launch it. Doctor Web found two versions of the Trojan horse: attackers started using a modified version of BackDoor.Flashback.39 around April 1. Like the older versions, the launched malware first searches the hard drive for the following components:
- /Library/Little Snitch
- /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
- /Applications/VirusBarrier X6.app
- /Applications/iAntiVirus/iAntiVirus.app
- /Applications/avast!.app
- /Applications/ClamXav.app
- /Applications/HTTPScoop.app
- /Applications/Packet Peeper.app
If the files are not found, the Trojan uses a special routine to generate a list of control servers, sends an installation success notification to the intruders' statistics server, and sends consecutive queries to the control server addresses.
It should be noted that the malware uses a very peculiar routine for generating such addresses. It can also switch between several servers for better load balancing. After receiving a reply from a control server, BackDoor.Flashback.39 verifies its RSA signature and then, if verification succeeds, downloads and runs the payload on the infected machine. It may get and run any executable specified in a directive received from a server.
Each bot includes a unique ID of the infected machine in the query string it sends to a control server. Doctor Web's analysts used sinkhole technology to redirect the botnet traffic to their own servers and were thus able to count infected hosts.
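The counting step described above, as an added example (not Doctor Web's code): infected hosts are counted by the unique ID carried in each bot's query string rather than by source IP, because one host can appear from several addresses and several hosts can share one. The log layout, the `/auth` path and the `id` parameter name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sinkhole access-log lines: "<timestamp> <source IP> <request URI>".
# The layout, the path and the "id" parameter name are assumptions for
# illustration; the page does not give the bot's real query format.
SAMPLE_LOG = """\
2012-04-04T10:00:01Z 198.51.100.7 /auth?id=AAAA1111-0000-0000-0000-000000000001
2012-04-04T10:00:09Z 198.51.100.7 /auth?id=AAAA1111-0000-0000-0000-000000000002
2012-04-04T10:05:44Z 203.0.113.20 /auth?id=AAAA1111-0000-0000-0000-000000000001
2012-04-04T10:06:10Z 198.51.100.7 /auth?id=aaaa1111-0000-0000-0000-000000000003
2012-04-04T10:07:30Z 192.0.2.55 /index.html
2012-04-04T10:08:02Z 192.0.2.56 /auth?id=
malformed line without enough fields
"""


def count_infected_hosts(log_text, id_param="id"):
    """Return (unique_ids, unique_ips, ips_per_id) for requests carrying a bot ID."""
    ips_per_id = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, src_ip, uri = parts
        values = parse_qs(urlsplit(uri).query).get(id_param, [])
        if not values or not values[0].strip():
            continue  # scanners and crawlers reach a sinkhole too: no ID, no count
        # Assumption: IDs are case-insensitive, so normalise to one key per host.
        bot_id = values[0].strip().upper()
        ips_per_id[bot_id].add(src_ip)
    unique_ips = {ip for ips in ips_per_id.values() for ip in ips}
    return len(ips_per_id), len(unique_ips), dict(ips_per_id)


if __name__ == "__main__":
    ids, ips, per_id = count_infected_hosts(SAMPLE_LOG)
    print(f"infected hosts (unique IDs): {ids}")
    print(f"source addresses seen:       {ips}")
    for bot_id, addrs in sorted(per_id.items()):
        print(f"  {bot_id}: {sorted(addrs)}")
```

On the constructed sample, three hosts sit behind two source addresses, so an IP-based count would undercount the infected machines.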
Over 550 000 infected machines running Mac OS X were part of the botnet on April 4. These comprise only a segment of the botnet set up by means of this particular BackDoor.Flashback modification. Most infected computers reside in the United States (56.6%, or 303,449 infected hosts); Canada comes second (19.8%, or 106,379 infected computers), the United Kingdom is third (12.8%, or 68,577 cases of infection), and Australia is fourth with 6.1% (32,527 infected hosts).
Doctor Web recommends that Mac users download and install the security update released by Apple from support.apple.com/kb/HT5228 to prevent infection of their systems by BackDoor.Flashback.39.