
Auto-downloads dominate February threat list

BitDefender UK : 04 March, 2009  (Technical Article)
BitDefender's list of top threats for February is dominated by the drive-by variant of malware activated during website visits.
Drive-by-download components dominate BitDefender's 'Top Ten' e-threats for February. These drive-by-download components are bits of malware strung together like a 'daisy-chain' by their creators. Each component represents another attempt by cybercriminals to compromise the security of a user's system.

The Norton-bypassing ad-serving malware Trojan.Clicker.CM is in first position, for the second time this year. Clicker.CM displays a large number of commercial pop-up windows in the current web browser's background attempting to lure the user to click. If clicked, profits are generated for advertisements registered within a pay-per-click system. The trojan also uses several functions that bypass the Norton Internet Security Pop-up Blocker.

This is followed by an older 'daisy chain', Trojan.Wimad.Gen.1 or the Wimad trojan, which masquerades as a player component for malicious ASF files. This trojan is loaded via a downloader trojan, ranked tenth in the February e-threats list.

The Conficker virus and its variants are also listed via a generic detection against viruses that use the recent autorun bug in Windows - Trojan.AutorunINF.Gen, with 4.17 percent of detections.

Ranked eighth is Trojan.IFrame.GA, a simple script which gets injected in compromised web pages and sends browsers to a collection of exploits such as Trojan.Exploit.ANPI (ranked seventh), which can direct vulnerable systems to a page containing Trojan.Exploit.SSX (in fifth position).

According to Sorin Dudea, head of BitDefender antimalware research, this particular infection chain comes from an analysis of a number of compromised and/or malicious websites hosted in China.

New entries include three new downloaders: Trojan.Downloader.JS.Psyme.SR, Trojan.Downloader.JLPK and Trojan.Downloader.Js.Agent.F. All serve the simple function of downloading and launching more malware onto compromised computers from websites.

BitDefender's February 2009 Top 10 E-Threat list includes:

1. Trojan.Clicker.CM - 5.87%
2. Trojan.Wimad.Gen.1 - 4.39%
3. Trojan.AutorunINF.Gen - 4.17%
4. Trojan.Downloader.JLPK - 3.94%
5. Trojan.Exploit.SSX - 3.92%
6. Trojan.Downloader.Js.Agent.F - 3.9%
7. Trojan.Exploit.ANPI - 3.77%
8. Trojan.IFrame.GA - 2.9%
9. Trojan.Downloader.JS.Psyme.SR - 2.32%
10. Trojan.Downloader.WMA.Wimad.S - 2.01%

Other malware - 62.81%