Saturday, 7 June 2008

BitDefender malware overview, May 2008

BitDefender researchers today released the roundup of May's most widespread malware on personal computers.

Thursday, June 05, 2008






The top is roundly dominated by Trojans, most of them discovered in the last few months - with the notable exception of Zlob, a bit of malware which has been making the rounds for some time now.



In second place there's Trojan.Downloader.WMA.Wimad.N, which, despite the complicated-sounding name, actually serves a very simple function: to load another piece of malware. It does this by pretending to be a helper app that will download a "codec" to play a "special type" of WMA file. Once the user is tricked, it downloads and runs Adware.PlayMp3z.A, an application meant to take personal information from the client's computer and use it in marketing or suspicious practices. When executed, the adware even displays a pop-up with an EULA, in an attempt to convince users of its legitimacy.

Ranked first, Trojan.Clicker.CM is a popup-serving baddie which seems to be well served by its Norton-avoidance code (it is programmed to be able to get around Norton's popup blocker).







Trying to avoid antivirus software seems to be quite the fad, as in third place there's a trojan that serves only one purpose: to prevent BitDefender from updating its virus signature database. It does this, quite simply, by modifying the infected machine's hosts file. Obviously, the trick only works on machines which don't have the BitDefender on-access scanner started.
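A defender can check for this kind of hosts-file tampering by looking for any local override of a security vendor's domains. The following is an added example, not code from BitDefender or from the original post; the watched suffix list and the sample hosts entries (hostnames and addresses) are constructed for illustration.

```python
import ipaddress

# Assumption: domain suffixes that should never be overridden in a hosts file.
WATCHED_SUFFIXES = ("bitdefender.com",)

# Constructed sample hosts file; the hostnames and addresses are illustrative.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       upgrade.bitdefender.com   # constructed entry
0.0.0.0 download.bitdefender.com www.bitdefender.com
10.0.0.5        intranet.example.test
not-an-ip       bitdefender.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        # Normalise case and a trailing root dot before comparing names.
        yield line_no, addr, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host, suffixes=WATCHED_SUFFIXES):
    """True for the suffix itself or any subdomain, not for look-alike names."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def find_overrides(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, hostname, address) for every watched name pinned locally."""
    return [(line_no, host, str(addr))
            for line_no, addr, hosts in parse_hosts(text)
            for host in hosts if is_watched(host, suffixes)]

if __name__ == "__main__":
    for line_no, host, addr in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} pinned to {addr}")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts. Any hit is worth investigating whatever address it points to, since update servers are normally resolved through DNS.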

"It just goes to show that it doesn't pay off to turn off your protection - not even for a little while" commented Sorin Dudea for BitDefender.

The NSAnti malware packer is still in the top ten, racking up percentage points due to the sheer number of malware authors who still try to hide their creations using it.

A strange appearance, in tenth position, is a rather old exploit targeting a bug in the way Microsoft Windows handles cursor and icon files, one that could allow attackers remote access. The bug has long since been patched, but it would seem there's still a lot of malware that includes the exploit code "just in case".

Rank  Name                            %
1.    Trojan.Clicker.CM               8.03
2.    Trojan.Downloader.WMA.Wimad.N   7.26
3.    Trojan.Qhost.AQR                3.38
4.    Trojan.FakeAlert.PP             3.25
5.    Trojan.HTML.Zlob.AA             2.66
6.    Trojan.HTML.Zlob.W              2.64
7.    Trojan.Autorun.EU               2.3
8.    Packer.Malware.NSAnti.AD        1.96
9.    Trojan.Downloader.JS.Agent.OL   1.73
10.   Exploit.Win32.MS05-002.Gen      1.61



More about BitDefender on the blog of the PC column de Monitor

