Web-Based Threats Dominate BitDefender's August List of Top E-Threats -- Posted by Igor_Donchenko on Thursday, September 11 2008
Web-based e-threats dominated BitDefender's Top Ten E-Threats in August. According to BitDefender analysts, the list features three variants of the Wimad trojan downloader, a fake codec downloader usually found on malicious websites. The very common ad-serving Trojan, Clicker.CM, once again heads the list this month.
At number two on the list is the Trojan Qhost.AKR, a piece of malware aimed directly at BitDefender users which tries to disable the antivirus' update feature, thus rendering the host defenseless. A generic detection for a Flash exploit (used by multiple pieces of malware) can be found in sixth place, while Trojan.Swizzor.1, another very old and very common web-based threat, comes in at number seven.
At number eight is an ActiveX exploit used to trick a browser into downloading and installing malware. The exploit targets an ActiveX control called Sina DLoader, which can be found on legitimate Chinese websites. The systems of users who have run it are at risk, but this is a rare occurrence outside of China.
A trojan that spreads via P2P file sharing can be found in the ninth spot, while last place was grabbed by a past menace, a downloader for fake antivirus package "XP Antivirus."
"XP antivirus used to come with a valid digital signature and a lengthy EULA from sites with security-related names; it was somewhat of a champion in the social engineering area, convincing victims that it was in fact a legitimate piece of security software," said Sorin Dudea, Head of BitDefender AV Research. "Having the malware's digital signature revoked by GlobalSign and the people who ran sites hosting it being denied further anonymity by Directi has put a dent in the operation."
| Pos | Name | % |
| --- | --- | --- |
| 1 | Trojan.Clicker.CM | 7.38 |
| 2 | Trojan.Downloader.Wimad.A | 5.35 |
| 3 | Trojan.Downloader.WMA.Wimad.N | 3.89 |
| 4 | Trojan.Downloader.WMA.Wimad.S | 2.87 |
| 5 | Trojan.Qhost.AKR | 2.58 |
| 6 | Exploit.SWF.Gen | 2.56 |
| 7 | Trojan.Swizzor.1 | 2.51 |
| 8 | Exploit.SinaDLoader.A | 2.38 |
| 9 | Trojan.Autorun.TE | 2.06 |
| 10 | Trojan.FakeAlert.Gen.1 | 1.88 |
| | OTHERS | 66.55 |
Source: http://www.bitdefender.com
Monthly Malware Statistics for August 2008 from Kaspersky Labs -- Posted by Igor_Donchenko on Tuesday, September 9 2008
In its second month of compiling data, the new Kaspersky Security Network (KSN) technology revealed some significant changes amongst the most widespread malicious programs.
The first table is based on statistics provided by our 2009 antivirus products. This table shows the malicious programs detected on users' computers.
| Position | Change in position | Name |
| --- | --- | --- |
| 1 | 0 | Trojan.Win32.DNSChanger.ech |
| 2 | New | Trojan.Win32.Pakes.kab |
| 3 | New | Trojan-Downloader.Win32.Agent.xqz |
| 4 | New | Trojan-Downloader.Win32.Agent.yaw |
| 5 | New | Trojan-Downloader.Win32.Agent.xws |
| 6 | New | Trojan-Downloader.Win32.Small.zie |
| 7 | New | Trojan-Downloader.Win32.Agent.xna |
| 8 | New | Trojan-Downloader.JS.Agent.chk |
| 9 | New | Trojan.Win32.Agent.tfc |
| 10 | 6 | not-a-virus:AdWare.Win32.BHO.ca |
| 11 | New | not-a-virus:AdWare.Win32.Agent.cp |
| 12 | -3 | Trojan.Win32.Agent.abt |
| 13 | New | Trojan-Dropper.Win32.Agent.tbd |
| 14 | New | not-a-virus:AdWare.Win32.BHO.sc |
| 15 | New | not-a-virus:AdWare.Win32.BHO.vp |
| 16 | New | Trojan-GameThief.Win32.OnLineGames.sjbb |
| 17 | New | Trojan-Clicker.Win32.Agent.bkd |
| 18 | 1 | Trojan.Win32.Chifrax.a |
| 19 | New | Trojan.RAR.Qfavorites.a |
| 20 | New | Trojan-GameThief.Win32.OnLineGames.sgpq |
Despite the changes, last month's leader - Trojan DNSChanger.ech - remains at the top of this ranking. Overall, it is more than three times more widespread than the program which comes in second place. This indicates that there is quite a large-scale epidemic caused by DNSChanger which is affecting Western European countries in particular.
There were a total of 16 new entries to the rankings this month, all of which were added to our antivirus databases in August 2008. Prominent among the newcomers is a group of six Trojan-Downloaders that have occupied 3rd to 8th place. By preventing these Trojan-Downloaders from fulfilling their primary task of downloading the main body of a malicious program, our antivirus products have also blocked mass downloads of other malicious programs to users' computers.
A number of Adware programs in the form of BHO (Browser Helper Object) also stand out. The large number of these programs is due to the fact that Internet Explorer - the browser such programs are designed to function on - is extremely popular.
Last month's statistics contained four classes of malicious and potentially unwanted programs (TrojWare, AdWare, VirWare and other MalWare). In August only TrojWare and AdWare remained.
A total of 28940 different malicious and potentially unwanted programs were detected on users' computers in August. That is an increase of more than 8000 on July's figures and points to a significant increase in the number of in-the-wild threats.
The second table provides data about the most common malicious programs among all infected objects detected. The majority of the programs listed below have file-infection capabilities. The figures given are interesting as they indicate the spread of threats which need to be disinfected, rather than simply dealt with by deleting infected objects.
| Position | Change in position | Name |
| --- | --- | --- |
| 1 | 3 | Net-Worm.Win32.Nimda |
| 2 | 8 | Virus.Win32.Xorer.du |
| 3 | 3 | Virus.Win32.Parite.b |
| 4 | 5 | Virus.Win32.Virut.n |
| 5 | 9 | Virus.Win32.Parite.a |
| 6 | 2 | Virus.Win32.Alman.b |
| 7 | New | Trojan.Win32.DNSChanger.ech |
| 8 | New | Email-Worm.Win32.Runouce.b |
| 9 | 4 | Worm.Win32.Fujack.k |
| 10 | 9 | Worm.VBS.Headtail.a |
| 11 | 4 | Trojan-Downloader.WMA.GetCodec.d |
| 12 | New | Virus.Win32.Downloader.ax |
| 13 | New | Trojan-Clicker.HTML.IFrame.js |
| 14 | -13 | Virus.Win32.Virut.q |
| 15 | New | Virus.Win32.Small.l |
| 16 | -12 | Virus.Win32.Hidrag.a |
| 17 | -5 | Worm.Win32.Otwycal.g |
| 18 | New | Virus.Win32.Virut.b |
| 19 | -14 | Virus.Win32.Neshta.a |
| 20 | New | Virus.Win32.Tenga.a |
The changes in this list are less dramatic - only 7 new entries. However, there was some significant movement, with last month's leader - Virut.q - falling 13 places and Fujack.ap dropping out of the rankings altogether after a second-place finish last month.
The surprise leader turned out to be a worm that dates back to 2001. You could have been forgiven for thinking that such a worm would have disappeared from the Internet long ago, but the facts suggest otherwise: Nimda is still active and it's likely that it's still present in files that were infected during the epidemics of 2001-2002.
The appearance of Trojan.Win32.DNSChanger.ech in the second table also deserves a mention. This shows that it is constantly modifying itself and can exist in various guises on different computers.
Source: http://www.viruslist.com
Virus Top 20 for May 2008 from Kaspersky Lab -- Posted by Igor_Donchenko on Thursday, June 5 2008
| Position | Change in position | Name | Proactive Detection Flag | % |
| --- | --- | --- | --- | --- |
| 1. | 0 | Email-Worm.Win32.NetSky.q | Trojan.generic | 23.12 |
| 2. | +1 | Email-Worm.Win32.NetSky.y | Trojan.generic | 9.70 |
| 3. | +2 | Email-Worm.Win32.Scano.gen | Trojan.generic | 9.63 |
| 4. | +4 | Email-Worm.Win32.Nyxem.e | Trojan.generic | 6.75 |
| 5. | -3 | Email-Worm.Win32.NetSky.d | Trojan.generic | 6.27 |
| 6. | Return | Email-Worm.Win32.NetSky.x | Trojan.generic | 4.44 |
| 7. | -1 | Email-Worm.Win32.NetSky.aa | Trojan.generic | 3.74 |
| 8. | Return | Email-Worm.Win32.NetSky.b | Trojan.generic | 3.26 |
| 9. | -5 | Email-Worm.Win32.Bagle.gt | Trojan.generic | 2.75 |
| 10. | Return | Net-Worm.Win32.Mytob.u | Worm.P2P.generic | 2.60 |
| 11. | +6 | Net-Worm.Win32.Mytob.c | Trojan.generic | 2.40 |
| 12. | 0 | Email-Worm.Win32.Scano.bn | Trojan.generic | 2.09 |
| 13. | Return | Email-Worm.Win32.NetSky.r | Trojan.generic | 1.98 |
| 14. | +4 | Email-Worm.Win32.NetSky.t | Trojan.generic | 1.94 |
| 15. | Return | Net-Worm.Win32.Mytob.bi | Trojan.generic | 1.65 |
| 16. | -5 | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.39 |
| 17. | -4 | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 1.19 |
| 18. | Return | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.08 |
| 19. | -3 | Email-Worm.Win32.NetSky.c | Trojan.generic | 0.97 |
| 20. | New! | Net-Worm.Win32.Mytob.cg | Worm.P2P.generic | 0.90 |
| | | Other malicious programs | | 12.15 |
The May 2008 Email Top Twenty is a short one; this is explained by the well-known fact that virus writers take a break over the summer months. The complete absence of any epidemics in mail traffic, which is obvious from even a cursory glance at this month's rankings, bears this out.
In fact, the only significant change to the rankings was caused by the re-entry of a few worms which have been in circulation for several years now.
Trojan-Downloader programs such as Agent.ica, Agent.hsl, and Diehard that were active during the first four months of 2008 disappeared without trace in May.
The Warezov and Zhelatin worms have not reappeared since dropping out of the Top Twenty back in February. The authors have stopped sending out the executable components of the worms by email, confining themselves to distributing the code via links on infected websites.
This does mean that the threat posed by malicious code in email has declined. However, phishing and spam continue to pose very real threats and have the potential to create just as big a problem for the end user.
Other malicious programs made up a significant percentage (12.15%) of all malicious code found in mail traffic.
Summary
- Moved up: Email-Worm.Win32.NetSky.y, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.Nyxem.e, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.t.
- Moved down: Email-Worm.Win32.NetSky.d, Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.Bagle.gen, Email-Worm.Win32.Mydoom.l, Email-Worm.Win32.NetSky.c.
- Returned: Email-Worm.Win32.NetSky.x, Email-Worm.Win32.NetSky.b, Net-Worm.Win32.Mytob.u, Email-Worm.Win32.NetSky.r, Net-Worm.Win32.Mytob.bi, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.Mytob.cg.
- No change: Email-Worm.Win32.NetSky.q, Email-Worm.Win32.Scano.bn.
Source: http://www.kaspersky.com
Online Scanner Top Twenty for May 2008 from Kaspersky Lab -- Posted by Igor_Donchenko on Wednesday, June 4 2008
| Position | Change in position | Name | % |
| --- | --- | --- | --- |
| 1. | New! | Trojan-Downloader.Win32.Pendix.d | 5.00 |
| 2. | +2 | Virus.Win32.Virut.n | 2.45 |
| 3. | New! | Net-Worm.Win32.Allaple.b | 2.09 |
| 4. | New! | Net-Worm.Win32.Allaple.e | 1.41 |
| 5. | -5 | Email-Worm.Win32.Brontok.q | 1.38 |
| 6. | -3 | not-a-virus:PSWTool.Win32.RAS.a | 1.21 |
| 7. | New! | Backdoor.Win32.Prorat.dz | 0.90 |
| 8. | +1 | not-a-virus:AdWare.Win32.Agent.zk | 0.83 |
| 9. | +4 | Trojan.Win32.Delf.aam | 0.77 |
| 10. | -5 | Virus.Win32.Virut.q | 0.69 |
| 11. | +4 | Worm.Win32.Mabezat.b | 0.64 |
| 12. | New! | Virus.Win32.Xorer.du | 0.60 |
| 13. | New! | Trojan-Spy.Win32.Delf.ps | 0.53 |
| 14. | Return | Trojan-Downloader.Win32.AutoIt.aa | 0.53 |
| 15. | Return | Worm.Win32.AutoIt.i | 0.51 |
| 16. | New! | not-a-virus:PSWTool.Win32.PWDump.2 | 0.50 |
| 17. | +2 | Trojan-Spy.Win32.Ardamax.n | 0.47 |
| 18. | New! | Backdoor.Win32.Bifrose.de | 0.45 |
| 19. | -7 | Email-Worm.Win32.Rays | 0.40 |
| 20. | New! | Virus.Win32.Alman.b | 0.38 |
| | | Other malicious programs | 78.26 |
The statistics produced by the online scanner in May 2008 are nothing short of revolutionary. Virtumonde.gen, which has been the unquestionable leader throughout 2008, has completely disappeared from view. Worms from the Bagle family, together with several variants of Trojan.Win32.Dialer, have also dropped out of the Top Twenty.
They have been replaced by a new generation of malicious programs - file viruses, which are, unfortunately, much more dangerous.
These new entries came in at 3 and 4 (variants of the Allaple worm), 2 and 10 (variants of Virut), 12 (Xorer) and 20 (Alman.b). Never before have file viruses enjoyed such success, with six entries and three different families in our Top Twenty rankings.
Of this group, the Virut viruses pose the most serious threat. In April, we mentioned that these programs are bots used to build zombie networks. Infected computers can be used to conduct DDoS attacks, send spam and distribute new malicious programs.
In comparison, even the ranking's veterans, the Brontok.q and Rays worms, seem relatively innocuous. Brontok has surrendered top place to the Trojan-Downloader program Pendix.d. We first detected this Trojan back in December 2007, but it is only now that its spread has reached epidemic levels.
Both variants of the Chinese backdoor program Hupigon, and programs from the Trojan Spy OnlineGames family (which are designed to steal online game accounts), also disappeared from the rankings after several months of activity.
Summary
- This month 9 new malicious programs appeared: Trojan-Downloader.Win32.Pendix.d, Net-Worm.Win32.Allaple.b, Net-Worm.Win32.Allaple.e, Backdoor.Win32.Prorat.dz, Virus.Win32.Xorer.du, Trojan-Spy.Win32.Delf.ps, not-a-virus:PSWTool.Win32.PWDump.2, Backdoor.Win32.Bifrose.de, Virus.Win32.Alman.b.
- Moved up: Virus.Win32.Virut.n, not-a-virus:AdWare.Win32.Agent.zk, Trojan.Win32.Delf.aam, Worm.Win32.Mabezat.b, Trojan-Spy.Win32.Ardamax.n
- Moved down: Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a, Virus.Win32.Virut.q, Email-Worm.Win32.Rays
- Returned: Trojan-Downloader.Win32.AutoIt.aa, Worm.Win32.AutoIt.i
Source: http://www.kaspersky.com
BitDefender Lab's Top 10 Malware List for April Dominated by Malware Packers -- Posted by Igor_Donchenko on Friday, May 30 2008
BitDefender announced today that malware packers gained even more popularity in the month of April, as three of the positions on BitDefender's April 2008 Top Ten Malware list are occupied by malware packed with such software. According to BitDefender Labs, all three are packed with the same type of packer (NSAnti), which has caused problems in previous months.
"It seems repacking malware to attempt avoiding detection, rather than spending time and energy writing new viruses from scratch is a technique that's here to stay," said Sorin Dudea, Head of BitDefender AV Research.
Straightforward packers aren't the only tools used for this purpose. The fourth position on the list is a sophisticated malware loader, dubbed 'Loader.N' by BitDefender researchers. Loader.N decrypts, loads and runs two other packed pieces of malware (the Trojans Kobcka and Downloader.Agent), which turn the infected machine into a spam relay.
"The loader serves two purposes: the encryption prevents antivirus software from detecting the payload in transit, while the unpacking and loading part ensures that at no point does the payload get written to disk - eliminating another inception point," Dudea explained. "Of course, the exercise is pointless, as we can still detect the decryptor itself."
The rest of the top ten is, yet again, pretty well-populated with mass mailer viruses, with the Cutwail Trojan, another tool turning machines into spam bots, appearing in the 6th position.
BitDefender's April 2008 Top 10 malware list includes:
| Position | Name | % |
| --- | --- | --- |
| 1. | Packer.Malware.NSAnti.AD | 33.71 |
| 2. | Win32.Netsky.P@mm | 7.48 |
| 3. | Win32.Worm.Sohanad.NAW | 4.56 |
| 4. | Packer.Malware.NSAnti.AG | 2.86 |
| 5. | Trojan.Loader.N | 2.25 |
| 6. | Trojan.Dropper.Cutwail.F | 2.04 |
| 7. | Win32.Netsky.AA@mm | 1.98 |
| 8. | Win32.NetSky.D@mm | 1.98 |
| 9. | Packer.Malware.NSAnti.Z | 1.87 |
| 10. | Win32.Nyxem.E@mm | 1.65 |
| | Other Malicious Programs | 39.62 |
Source: http://www.bitdefender.com