Trojan.Clicker.CM ranks second in BitDefender’s top ten e-threats list for November. This is mostly found on websites hosting illegal applications such as cracks, key generators and serial numbers for popular commercial software applications. The Trojan is mostly used to force advertisements inside the users’ browser in order to boost their advertisement revenue.

Ranking third this month is Win32.Worm.Downadup.Gen. The worm relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) in order to spread on other computers in the local network and restricts users’ access to Windows Update and security vendors’ web pages. Newer variants of the worm also install rogue antivirus applications.

Trojan.Wimad takes the fourth place. The Trojan mostly exploits the capability of ASF files to automatically download the appropriate codec from a remote location in order to deploy infected binary files on the host system.

Exploit.PDF-JS.Gen is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader’s Javascript engine, in order to execute malicious code on a user’s computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download of malicious binaries from remote locations. The threat ranks fifth this month.

Win32.Sality.OG ranks sixth. It is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries). In order to hide its presence on the infected machine, it deploys a rootkit and attempts to kill antivirus applications installed locally.

Seventh place goes to Trojan.Autorun.AET, a malicious code spreading via the Windows shared folders, as well as through removable storage devices. The Trojan exploits the Autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

Worm.Autorun.VHG is an Internet /network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The worm ranks eighth in this month’s top ten.

In ninth position, Trojan.Inject.RA is a password-stealing Trojan that mostly targets Lineage II computer players. This specific variant has a key logging component that intercepts users’ keystrokes and sends them to a remote attacker via HTTP or SMTP protocols.

Trojan.Downloader.Bredolab.AZ ranks tenth in this month’s list. Disguised as a Microsoft Word document, the Trojan drops a DLL file and registers it as a Browser Helper Object. Trojan.Downloader.Bredolab.AZ monitors users’ keyboard input via a key logging component and sends the data to a website located in Russia.

BitDefender’s November 2009 top ten e-threats list includes:

1. Trojan.AutorunINF.Gen 8.45
2. Trojan.Clicker.CM 7.87
3. Win32.Worm.Downadup.Gen 5.62
4. Trojan.Wimad.Gen.1 5.00
5. Exploit.PDF-JS.Gen 3.23
6. Win32.Sality.OG 2.57
7. Trojan.Autorun.AET 2.05
8. Worm.Autorun.VHG 1.59
9. Trojan.Inject.RA 1.45
10. Trojan.Downloader.Bredolab.AZ 1.20
OTHERS 60.97

To stay up-to-date on the latest e-threats, sign-up for BitDefender’s RSS feeds here.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Trojan Wimad.Gen.1 and Trojan.Downloader.Wimad.A succeeded in raising 6.88 percent in January, making them some of the most common e-threats in the wild. Part of a very large family, these Trojans are spread with the aid of a network of malicious websites. Usually distributed via e-mail spam campaigns as a 3.5 MB .wma attachment and bearing the name of some popular artists, the disguised Trojan automatically opens the Web browser in order to retrieve the “appropriate” codec, which is, in effect, another piece of adware – Adware.PlayMp3z.A.

As predicted by BitDefender’s E-Threat Landscape Report, the exploits increased their volume in the last month, holding no less than 4 positions and almost 12 percent in the current Top 10. For instance, Trojan.Exploit.SSX abuses vulnerable sites when a malicious SQL code is injected into their databases. The result is an invisible iFrame element that redirects the user to an infected Web site that attempts to download and install several malicious payloads.

Last but not least, autorun infectors and downloaders occupied the remaining positions, with another noteworthy comeback of Packer.Malware.NSAnti.1 with its 2.09 percent. This malware with worm functionality spreads via infected Web sites or through maliciously crafted autorun.inf files within removable devices. NSAnti corrupts Internet Explorer® behavior and steals user names and passwords for online games, such as Silkroad Online or Lineage.

“The beginning of 2009 showed two important trends,” said Head of BitDefender Antimalware Research, Sorin Dudea. “First, that Web-based distributed malware is still the most successful type of e-threat in the wild and secondly: that previous productive breeds are back with the same or even higher percentage. This confirms that the level of user awareness in terms of system security remains very low for defensive activities, such as patching the OS with the latest fixes, updating security suites or surfing the Web cautiously.”

BitDefender’s January 2009 Top 10 E-Threat list includes:

1. Trojan.Clicker.CM                      5.40%
2. Trojan.Wimad.Gen.1                  4.32%
3. Trojan.AutorunINF.Gen             4.22%
4. Trojan.Downloader.Js.Agent.F   3.79%
5. Trojan.Exploit.ANPI                   3.59%
6. Trojan.Exploit.SSX                     3.36%
7. Exploit.SinaDLoader.A               2.70%
8. Trojan.Downloader.Wimad.A     2.56%
9. Exploit.HTML.Agent.AO             2.30%
10. Packer.Malware.NSAnti.1         2.09%

Other malware                              65.67%

For More information see www.bitdefender.co.uk

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.