
Strange things around Brontok

The author of Brontok is suspected to come from the Bandung Institute of Technology (ITB), but there is no evidence for this other than that the first reports about the virus spread from ITB. The virus updates itself from a site on the Internet, but only one analysis states this. If we knew the URL from which the virus updates itself, we could do the following:

* Track who owns the site; in the case of a free hosting site, certain parties (ISP administrators, etc.) can be asked to trace who registered the site or who accessed it first (most likely the virus's author).
* Administrators can block the virus's update URL at the proxy or firewall level.
* By examining the logs, administrators can trace which computers are infected with Brontok.
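The second and third steps above, as an added example that is not code from the original article: a small Python script that scans proxy access logs in Squid's native format for requests to the worm's update location, reports which internal hosts made them and in what order (the earliest contact is the best candidate for the machine that started the outbreak), and emits the Squid ACL lines that block that location. The update host and path (UPDATE_HOST, UPDATE_PATH_PREFIX) are placeholders, since the article does not give the real URL, and the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Placeholder update location: the article does not give the real URL.
# Replace both values with the host and path from an actual analysis.
UPDATE_HOST = "update.example.invalid"
UPDATE_PATH_PREFIX = "/brontok/"

# Constructed sample lines in Squid's native access.log format:
# timestamp elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1139520000.123    45 10.0.0.12 TCP_MISS/200   1024 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1139520012.456    87 10.0.0.27 TCP_MISS/200  51200 GET http://update.example.invalid/brontok/list.txt - DIRECT/198.51.100.7 text/plain
1139520013.001    90 10.0.0.27 TCP_MISS/200  98304 GET http://update.example.invalid/brontok/new.exe - DIRECT/198.51.100.7 application/octet-stream
1139520100.777    30 10.0.0.44 TCP_MISS/200  51200 GET http://update.example.invalid/brontok/list.txt - DIRECT/198.51.100.7 text/plain
1139520200.000    40 10.0.0.12 TCP_MISS/200   2048 GET http://update.example.invalid/other/page.html - DIRECT/198.51.100.7 text/html
this line is not a valid log record and is skipped
"""

# Only the fields we need: timestamp, client address, method, URL.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)
URL_RE = re.compile(r"^https?://(?P<host>[^/:]+)(?::\d+)?(?P<path>/\S*)?$")


def parse_line(line):
    """Return a dict for one access.log record, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    u = URL_RE.match(m.group("url"))
    if u is None:
        return None
    return {
        "ts": float(m.group("ts")),
        "client": m.group("client"),
        "method": m.group("method"),
        "host": u.group("host").lower(),
        "path": u.group("path") or "/",
    }


def is_update_request(host, path):
    """True when a request targets the worm's (placeholder) update location."""
    return host == UPDATE_HOST and path.startswith(UPDATE_PATH_PREFIX)


def find_infected_clients(log_text):
    """Map each client address to the (timestamp, path) pairs of its update requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole scan
        if is_update_request(rec["host"], rec["path"]):
            hits[rec["client"]].append((rec["ts"], rec["path"]))
    return dict(hits)


def first_contact_order(hits):
    """Clients ordered by their earliest update request; the first entry is the
    best candidate for the machine that started the outbreak on this network."""
    firsts = [(min(ts for ts, _ in reqs), client) for client, reqs in hits.items()]
    return [(client, ts) for ts, client in sorted(firsts)]


def squid_block_rules():
    """Squid ACL lines that deny the update location at the proxy (the second step).
    Both ACLs on one http_access line must match, so only the update path is blocked."""
    return "\n".join([
        f"acl brontok_update_host dstdomain {UPDATE_HOST}",
        f"acl brontok_update_path urlpath_regex ^{re.escape(UPDATE_PATH_PREFIX)}",
        "http_access deny brontok_update_host brontok_update_path",
    ])


if __name__ == "__main__":
    hits = find_infected_clients(SAMPLE_LOG)
    for client, ts in first_contact_order(hits):
        print(f"{client} first contacted the update site at {ts:.3f} ({len(hits[client])} requests)")
    print(squid_block_rules())
```

On the constructed log, 10.0.0.27 and 10.0.0.44 are reported as infected, while 10.0.0.12 is not, because its request to the same host went to a path outside the update prefix; matching on host alone would produce false positives on shared hosting, which is why the path is checked too.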

The only local analysis that states the virus updates itself comes from an antivirus company that has formed a local partnership with an antivirus company overseas. Strangely, even though the company knows that the virus updates itself, it does not mention the update URL, although I have asked it personally via email. Does the company not know the URL (being less skilled at analyzing the virus), or did they deliberately leave the virus the opportunity to update itself and let the company speculate? (The second possibility is just as worrying.)

The virus can not only update itself, but also download a list of files that must be removed before the update is done, which means that a virus so far considered merely a nuisance can in fact be dangerous. The actual update file may not contain a new virus at all, but code to format your computer.

Early versions of the virus only attacked the sites 17tahun.com and israel.gov.il, but later versions started attacking other sites, such as www.kaskus.com, and even personal sites (blogs) such as fajarweb.com. Is the virus taking personal revenge on these particular people?

The author of the virus included these words in the virus:

! I will make them (the sloppy & stupid local VMs) LINK!

And in its latest version, Brontok even tries to delete other local viruses such as decoy, mustache, Fawn, nostalgic, and riyani_jangkaru (my knowledge of local viruses is rather minimal, so this is only the list I know of). Its removal of local viruses is fairly thorough: it kills the virus process, deletes the virus files, and even restores the attributes of document files that the other viruses had hidden (but it does not clean up the registry changes those viruses made).

I will make this article as objective as possible, with analysis that is thorough and accurate. This article can also serve as a correction to the analyses of Brontok on other sites, which are sometimes not accurate.
Facts and notes

Some statements in this article may carry a certain bias, so I want to tell you some facts about myself:

1. I am currently no longer a Windows user, although I still have a Windows partition that I use for purposes such as this (analyzing viruses, trying out Windows programs). I do not store data in Windows, so this kind of experiment is safe enough for me. Day to day I use Mac OS X on my iBook G4 and GNU/Linux (Fedora Core 4) on AMD64. Because I am not a Windows user, my knowledge of Windows applications may be somewhat behind, but I always keep my low-level technical knowledge of Windows up to date.
2. I currently do not work in the security business or have any security-related business. Any statement of mine about other business entities is not intended to benefit myself. My job is teaching assistant at the Department of Informatics Engineering, School of Electrical Engineering and Informatics (formerly part of the Faculty of Industrial Technology), Bandung Institute of Technology.
3. I am not a cracker, and I am not from either group of virus creators, whether abroad or in Indonesia.
4. I only have an older version of Brontok (a sample taken from a lab at ITB) and the latest version (a sample taken from Jakarta State University / UNJ); other versions I do not have.
5. I do not include URLs for the various tools I use, because the URLs of tools that can help the cracking process tend to shift constantly; use Google to search for the tools I mention.
6. I am not making antivirus software for Brontok; please use your existing antivirus software (I do not want to take the trouble of keeping a Brontok antivirus constantly updated; many antibrontok tools on the Internet are no longer able to detect, delete, or handle the new version of Brontok). Antivirus software on the market with the latest updates should be enough. However, if this Brontok becomes increasingly difficult to eradicate, I will make antivirus software specifically for Brontok. For now, I provide manual cleaning steps for the various generic versions of Brontok.
