Tuesday, June 9, 2009

System Restore Worm Poses New Threat

This new worm prevents a PC running XP or Vista from using the System Restore feature to roll back the computer after an infection or operating system damage.

The worm is called W32.SafeSys.Worm and attacks a particular program called Deep Freeze.
Deep Freeze is a computer protection utility that prevents malicious code from writing to the hard drive itself. Any malicious code is written to a memory buffer, which is then erased upon reboot. The original hard drive data is untouched and can simply be reloaded during bootup.

The W32.SafeSys.Worm bypasses the Deep Freeze method and writes data to the buffer, which then enables direct writing to the hard drive sectors, thus allowing full access to the PC's hard drive.

There are over 140 variants of the W32.SafeSys.Worm thus far. The best protection at this point is to download the latest BKAV.