Worms dominate August e-threats
Worms continued to dominate the Top Ten E-Threats for August published by security firm BitDefender, with Trojan.Clicker.CM holding the top spot.
The Trojan.Clicker.CM Trojan is also becoming increasingly present on so-called ‘warez’ websites - download portals hosting cracks and keygens for commercial applications.
Second on the list, Trojan.AutorunINF.Gen is accountable for 10 per cent of the total number of global infections. The Windows Autorun feature is used by multiple families of malware in order to propagate via removable media.
Trojan.Wimad.Gen.1 ranks third with 6 per cent. This Trojan affects ASF files with their ability to automatically download the appropriate video codec if it is missing from the system. Malware authors usually hijack the original specifications to force the file into downloading a malicious binary instead.
More than eight months since it first entered the BitDefender Top 10 E-Threats list, Win32.Worm.Downadup ranks fourth with 4 per cent of the total amount of infected machines wordlwide. Also known as Conficker or Kido, the worm restricts access to the websites associated with IT security vendors.
Ranking fifth this month, Win32.Sality.OG is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries.). To hide its presence on the infected machine, it deploys a rootkit, and attempts to kill antivirus applications installed locally.
Sixth place is taken by Win32.Induc.A, an unusual piece of malware infecting applications built with Borland (now Embarcadero) Delphi versions 4 through to 7. The virus does not infect binary file, but rather modifies the SYSCONST.PAS file, injects its malicious code, and then compiles the file back. All the applications built with the compromised compiler would then be infected with the virus. Win32.Induc.A has no malicious payload, but its abrupt escalation in the Top Ten list shows that only a few Delphi developers are aware of the widespread infection.
Trojan.Autorun.AET, in seventh position, is a piece of malware that spreads through the Windows shared folders, as well as via removable media (network attached storage devices or mapped drives). The Trojan exploits the Autorun feature implemented in Windows operating systems to automatically execute itself when an infected device is plugged in.
Ranking eighth in this month's Top Ten E-threats, Trojan. JS.PYV is a malicious script affecting users who are browsing malicious or legitimate websites which were compromised by attackers.
In ninth place is Win32.Virtob.Gen which is a file infector written in assembly language. The piece of malware hides its presence by injecting hooks into other Windows processes, but avoids compromising system files. It also opens a backdoor that can be exploited by a remote attacker to seize control over the infected machine. This is a high-risk infection; for more details on how to remove this threat, got to www.bitdefender.co.uk/VIRUS-1000070-en--Win32.Virtob.Gen.html
In last place, Worm.Autorun.VHG is an Internet/network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The increasing presence of the worm in BitDefender's Top Ten E-Threats list reveals that users are still ignoring Microsoft's security advisories and avoid deploying security patches.
The full rundown of BitDefender's August 2009 Top 10 E-Threats list is:
- Trojan.Clicker.CM – 14 per cent
- Trojan.AutorunINF.Gen - 10 per cent
- Trojan.Wimad.Gen.1 - 6 per cent
- Win32.Worm.Downadup.Gen - 4 per cent
- Win32.Sality.OG - 3 per cent
- Win32.Induc.A - 2 per cent
- Trojan.Autorun.AET - 2 per cent
- Trojan.JS.PYV - 2 per cent
- Win32.Virtob.Gen.12 - 2 per cent
- Worm.Autorun.VHG - 2 per cent