January virus activity review from Doctor Web

Doctor Web presents the virus activity review for January 2009. The first month of 2009 went rather smoothly except for the outbreak of Win32.HLLW.Shadow.based. It didn’t see mass mailings spreading malicious code in attachments or directing users to bogus web-sites. However, fraudulent SMS, fake anti-viruses, new Trojans turning user machines into botnet zombies as well as phishing attacks were registered every now and then.

Win32.HLLW.Shadow.based (Net-Worm.Win32.Kido, W32.Downadup, Worm:Win32/Conficker)

Monthly Malware Statistics from Kaspersky Lab: January 2009

Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout January 2009.

The first Top Twenty is based on data collected by Kaspersky Lab’s 2009 antivirus product and gives details of malicious, advertising, and potentially unwanted programs detected on users' computers.
Position Change in position Name
1 0 Virus.Win32.Sality.aa
2 0 Packed.Win32.Krap.b
3 1 Worm.Win32.AutoRun.dui
4 -1 Trojan-Downloader.Win32.VB.eql
5 3 Trojan.Win32.Autoit.ci
6 0 Trojan-Downloader.WMA.GetCodec.c
7 2 Packed.Win32.Black.a
8 -1 Virus.Win32.Alman.b
9 5 Trojan.Win32.Obfuscated.gen
10 10 Trojan-Downloader.WMA.GetCodec.r
11 New Exploit.JS.Agent.aak
12 -1 Worm.Win32.Mabezat.b
13 -3 Worm.Win32.AutoIt.ar
14 1 Email-Worm.Win32.Brontok.q
15 New Virus.Win32.Sality.z
16 New Net-Worm.Win32.Kido.ih
17 Return Trojan-Downloader.WMA.Wimad.n
18 -2 Virus.Win32.VB.bu
19 -2 Trojan.Win32.Agent.abt
20 New Worm.Win32.AutoRun.vnq

There were no major changes to the composition of the first Top Twenty during the first month of 2009. Exploit.JS.Agent.aak took the place of Trojan.HTML.Agent.ai and Trojan-Downloader.JS.Agent.czm which appeared in the December ratings. The AutoRun.eee worm, which has vanished from this month’s Top Twenty, has now been replaced by Worm.Win32.AutoRun.vnq. This is not surprising, as frequent new modifications are characteristic of these types of malicious program.

Win32.HLLW.Shadow.based exploits vulnerability of Windows

Doctor Web notifies users of the Win32.HLLW.Shadow.based worm spreading over the Internet. There are several ways for the worm to get into a system. One of them is to exploit vulnerabilities found in all versions of Windows starting with Windows 2000 and up to Windows 7. Win32.HLLW.Shadow.based also features a polymorphic packer and is therefore very hard to analyze.

Spreading

BitDefender Reports Older, Known Worm Causing New Outbreaks

Win32.Worm.Downadup, a worm which spreads by exploiting a vulnerability in the Windows RPC Server Service, has been detected by BitDefender®. The Downadup worm (also called Conficker or Kido) itself is nothing new. It made its first appearance in late November 2008, exploiting the MS08-067 vulnerability to spread unhindered in local area networks. Its purpose was to install rogue security software on infected computers.

December virus activity review from Doctor Web

Doctor Web presents the virus activity review for December 2008. The last month of the past year confirmed the forecasts of the annual review. In particular, it saw an increase in e-mails spreading malware as well as a rising number of phishing attacks.

Twitter 'Direct Messages' pushes to adware site

The Fortinet Global Security Research Team has investigated a series of malicious Twitter direct messages (aka DMs) circulating on Twitter that lead unsuspecting users to a site offering potentially unwanted software in the form of free games.

The malicious messages "spamvertise" iPhone-related websites:

Wanna win the new iPhone?
It's so easy and cool, I love this thing!

Visit: http://iphone[REMOVED].info

Exploitations and malware report from Fortiguard Center - December 2008 edition

Top 10 Exploitations

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:
Rank  Vulnerability                                          Percentage  Severity
1     Trojan.Storm.Worm.Krackin.Detection                    59.5        High
2     MS.IIS.Web.Application.SourceCode.Disclosure           2.5         Medium
3     Danmec.Asprox.SQL.Injection                            2.0         High
4     TCP.PORT0                                              1.8         Low
5     SSLv3.SessionID.Overflow                               1.6         High
6     MS.Exchange.Mail.Calender.Buffer.Overflow              0.8         High
7     MS.Network.Share.Provider.Unchecked.Buffer.DoS         0.8         High
8     MS.IE.HTML.Attribute.Buffer.Overflow                   0.8         High
9     MS.SQL.Server.Insert.Statements.Privilege.Elevation    0.7         High
10    MS.SMB.DCERPC.SRVSVC.PathCanonicalize.Overflow         0.6         High

Norman: Summing up 2008 and predictions for 2009

Introduction

In this security article we will focus on the security trends that could be observed during 2008, and will also briefly try to look into the crystal ball to see what can be expected in 2009.

That Was the Year That Was

2008: Another year with no MAJOR incidents - but a plethora of minor

The days seem to have passed when a retrospective look at the year could be summed up in a few major events. No particularly big incidents happened in the year that is now coming to a close.

This does not mean that the Internet community had a quiet and safe year - quite the contrary, actually. In recent years we have seen a shift from "a few" major pieces of malware to an almost unmanageable volume of malware.

Phishing and spam attacks strike Twitter users

IT security and control firm Sophos has warned members of Twitter to be on their guard against an evolving attack which threatens to steal personal information from them.

Thousands of Twitter users are reporting having received direct messages from friends inviting them to visit a website. Sometimes the lure claims that they could win an Apple iPhone, and on other occasions the messages have pretended to point to funny pictures or blog articles about the recipients.

Monthly Malware Statistics from Kaspersky Lab: December 2008

Two Top Twenties have been compiled from data provided by the Kaspersky Security Network (KSN) throughout December 2008.

The first Top Twenty is based on data collected by version 2009 antivirus products. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.
Position Change in position Name
1 0 Virus.Win32.Sality.aa
2 0 Packed.Win32.Krap.b
3 2 Trojan-Downloader.Win32.VB.eql
4 0 Worm.Win32.AutoRun.dui
5 New Trojan.HTML.Agent.ai
6 -3 Trojan-Downloader.WMA.GetCodec.c
7 10 Virus.Win32.Alman.b
8 12 Trojan.Win32.AutoIt.ci
9 -2 Packed.Win32.Black.a
10 New Worm.Win32.AutoIt.ar
11 3 Worm.Win32.Mabezat.b
12 3 Worm.Win32.AutoRun.eee
13 New Trojan-Downloader.JS.Agent.czm
14 Return Trojan.Win32.Obfuscated.gen
15 1 Email-Worm.Win32.Brontok.q
16 -3 Virus.Win32.VB.bu
17 -6 Trojan.Win32.Agent.abt
18 -8 Trojan-Downloader.JS.IstBar.cx
19 -1 Worm.VBS.Autorun.r
20 New Trojan-Downloader.WMA.GetCodec.r