The trend seen last summer that Trojan horses are a major threat continued through last month with statistics from ThreatNet revealing that Trojans composed six of the top ten threats to computers during the month.  The number one threat detected by the software a total of 22.97% times was the Trojan Win32.Generic!BT.  This is a slight increase by about 1% for January and December.
These Trojans are downloaders associated with rogue security programs known as “scareware”. Once they are on a user’s system, these programs perform a fake scan of a victim’s computer for malware then display false warnings that the machine is infected in an attempt to convince victims to purchase fake security software.

“The Security Shield rogue has become very noticeable, with many comments posted to our Rogue Security software blog regarding this particular infection,” said Chris Boyd, senior threat researcher at GFI Labs. “These types of attacks notoriously cause a great deal of stress for the victim in addition to simply infecting their computer.”

While Trojans continue to be the most common threat detected, GFI Labs researchers are also seeing a rise in lesser-known attack vectors. Although they are not as common, these forms of attack are especially dangerous because most users may not know how to spot them.

“PDF exploits continue to be problematic, showing a small increase since January. February has also seen continued use of fake Java applet installs to infect PCs with malware, Alureon infected videogame patches distributed on P2P networks and phishing attempts targeting customers of the popular online retailer Play.com,” said Boyd. “With new attacks popping up every day, users need to always stay cautious and research programs they plan to download when there is any doubt.”

ThreatNet is GFI Lab’s monitoring system that retrieves real-time data from VIPRE installations. Statistics come from tens of thousands of machines running VIPRE.

Top 10 detections for February

Detection Type Percent

Trojan.Win32.Generic!BT Trojan 22.97
Trojan-Spy.Win32.Zbot.gen Trojan 3.46
Trojan.Win32.Generic.pak!cobra Trojan 2.89
Zugo LTD (v) Adware 2.52
Fraudtool.Win32.Securityshield.ek!c (v) Trojan 2.00
Trojan.Win32.Generic!SB.0 Trojan 1.72
INF.Autorun (v) Trojan 1.66
Worm.Win32.Downad.Gen (v) Worm 1.48
Pinball Corporation (v) Adware 1.19
Exploit.PDF-JS.Gen (v) PDF exploit 0.83

To see a graphical comparison of the top 10 most prevalent malware infections between January 2011 and February 2011, please visit:http://images.gfi.com/Feb2011_Chart.jpg

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Trojan.Clicker.CM ranks second in BitDefender’s top ten e-threats list for November. This is mostly found on websites hosting illegal applications such as cracks, key generators and serial numbers for popular commercial software applications. The Trojan is mostly used to force advertisements inside the users’ browser in order to boost their advertisement revenue.

Ranking third this month is Win32.Worm.Downadup.Gen. The worm relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) in order to spread on other computers in the local network and restricts users’ access to Windows Update and security vendors’ web pages. Newer variants of the worm also install rogue antivirus applications.

Trojan.Wimad takes the fourth place. The Trojan mostly exploits the capability of ASF files to automatically download the appropriate codec from a remote location in order to deploy infected binary files on the host system.

Exploit.PDF-JS.Gen is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader’s Javascript engine, in order to execute malicious code on a user’s computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download of malicious binaries from remote locations. The threat ranks fifth this month.

Win32.Sality.OG ranks sixth. It is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries). In order to hide its presence on the infected machine, it deploys a rootkit and attempts to kill antivirus applications installed locally.

Seventh place goes to Trojan.Autorun.AET, a malicious code spreading via the Windows shared folders, as well as through removable storage devices. The Trojan exploits the Autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

Worm.Autorun.VHG is an Internet /network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The worm ranks eighth in this month’s top ten.

In ninth position, Trojan.Inject.RA is a password-stealing Trojan that mostly targets Lineage II computer players. This specific variant has a key logging component that intercepts users’ keystrokes and sends them to a remote attacker via HTTP or SMTP protocols.

Trojan.Downloader.Bredolab.AZ ranks tenth in this month’s list. Disguised as a Microsoft Word document, the Trojan drops a DLL file and registers it as a Browser Helper Object. Trojan.Downloader.Bredolab.AZ monitors users’ keyboard input via a key logging component and sends the data to a website located in Russia.

BitDefender’s November 2009 top ten e-threats list includes:

1. Trojan.AutorunINF.Gen 8.45
2. Trojan.Clicker.CM 7.87
3. Win32.Worm.Downadup.Gen 5.62
4. Trojan.Wimad.Gen.1 5.00
5. Exploit.PDF-JS.Gen 3.23
6. Win32.Sality.OG 2.57
7. Trojan.Autorun.AET 2.05
8. Worm.Autorun.VHG 1.59
9. Trojan.Inject.RA 1.45
10. Trojan.Downloader.Bredolab.AZ 1.20
OTHERS 60.97

To stay up-to-date on the latest e-threats, sign-up for BitDefender’s RSS feeds here.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Trojan Wimad.Gen.1 and Trojan.Downloader.Wimad.A succeeded in raising 6.88 percent in January, making them some of the most common e-threats in the wild. Part of a very large family, these Trojans are spread with the aid of a network of malicious websites. Usually distributed via e-mail spam campaigns as a 3.5 MB .wma attachment and bearing the name of some popular artists, the disguised Trojan automatically opens the Web browser in order to retrieve the “appropriate” codec, which is, in effect, another piece of adware – Adware.PlayMp3z.A.

As predicted by BitDefender’s E-Threat Landscape Report, the exploits increased their volume in the last month, holding no less than 4 positions and almost 12 percent in the current Top 10. For instance, Trojan.Exploit.SSX abuses vulnerable sites when a malicious SQL code is injected into their databases. The result is an invisible iFrame element that redirects the user to an infected Web site that attempts to download and install several malicious payloads.

Last but not least, autorun infectors and downloaders occupied the remaining positions, with another noteworthy comeback of Packer.Malware.NSAnti.1 with its 2.09 percent. This malware with worm functionality spreads via infected Web sites or through maliciously crafted autorun.inf files within removable devices. NSAnti corrupts Internet Explorer® behavior and steals user names and passwords for online games, such as Silkroad Online or Lineage.

“The beginning of 2009 showed two important trends,” said Head of BitDefender Antimalware Research, Sorin Dudea. “First, that Web-based distributed malware is still the most successful type of e-threat in the wild and secondly: that previous productive breeds are back with the same or even higher percentage. This confirms that the level of user awareness in terms of system security remains very low for defensive activities, such as patching the OS with the latest fixes, updating security suites or surfing the Web cautiously.”

BitDefender’s January 2009 Top 10 E-Threat list includes:

1. Trojan.Clicker.CM                      5.40%
2. Trojan.Wimad.Gen.1                  4.32%
3. Trojan.AutorunINF.Gen             4.22%
4. Trojan.Downloader.Js.Agent.F   3.79%
5. Trojan.Exploit.ANPI                   3.59%
6. Trojan.Exploit.SSX                     3.36%
7. Exploit.SinaDLoader.A               2.70%
8. Trojan.Downloader.Wimad.A     2.56%
9. Exploit.HTML.Agent.AO             2.30%
10. Packer.Malware.NSAnti.1         2.09%

Other malware                              65.67%

For More information see www.bitdefender.co.uk

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.