New Chinese Worm Bypasses System Rollback Software

[Peaches]

New Chinese Worm Bypasses System Rollback Software - Interacts directly with the disk controller in order to infect protected computers

By Lucian Constantin, Web News Editor

9th of June 2009, 12:24 GMT

"Security researchers from Bach Khoa Internetwork Security (Bkis) warn of a new worm that is able to bypass the protections enforced on the file system by software such as Deep Freeze. The malware was discovered in early March and has already made thousands of victims in Asia.

Deep Freeze is an application developed by Faronics to help administrators restore computers to a secure state after being used by untrusted parties. Such software is very popular in environments with many casual users such as cybercafés, libraries, or computer labs in schools.

"The software can monitor any change in sectors (data storage area) in hard disk partitions and save the changes in another area (buffer). When normal programs retrieve these sectors, they will reach the data in the buffer rather than in the original sectors," Vu Ngoc Son, senior malware researcher at Vietnam-based Bkis, explains."

story at softpedia - http://news.softpedia.com/news/New-Chinese...re-113677.shtml