BitDefender researchers released today the roundup of May's most widespread malware on personal computers
Thursday, June 05, 2008
In second place there's Trojan.Downloader.WMA.Wimad.N, which, despite the complicated-sounding name, actually serves a very simple function : to load another piece of malware. It does it by pretending to be a helper app that will download a "codec" to play a "special type" of WMA file. Once the user is tricked, it downloads and runs Adware.PlayMp3z.A, an application meant to take personal information from the clients computer and use it in marketing or suspicious practices. When executed, the adware even displays a pop-up with an EULA, in an attempt to convince users of its legitimacy.
Ranked first, Trojan.Clicker.CM is a popup-serving baddie which seems to be well served by its Norton-avoidance code (it is programmed to be able to get around Norton's popup blocker).
Trying to avoid antivirus software seems to be quite the fad, as in third place there's a trojan that serves only one purpose: to prevent BitDefender from updating its virus signature database. It does this, quite simply, by modifying the infected machine's hosts file. Obviously, the trick only works on machines which don't have the BitDefender on-access scanner started.
"It just goes to show that it doesn't pay off to turn off your protection - not even for a little while" commented Sorin Dudea for BitDefender.
The NSAnti malware packer is still in the top ten, racking up percentage points due to the sheer number of malware authors who still try to hide their creations using it.
A strange appearance, in tenth position, is a rather old exploit targeting a bug in the way Microsoft windows handles cursor and icon files, one that could allow attackers remote access. The bug has long since been patched, but it would seem there's still a lot of malware that includes the exploit code "just in case".
Meer over BitDefender op het blog van pc-rubriek de Monitor
Technorati Tags bitdefender