Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Autorun malware currently biggest IT security risk

BitDefender UK : 02 December, 2009  (Technical Article)
BitDefender's top ten threat list shows what the main threats are and where they are found with the biggest threat being an exploit of the Microsoft Windows Autorun feature
According to BitDefender, the biggest risk to computer users is currently Trojan.AutorunINF.Gen, a generic family of malware abusing the Autorun feature in Microsoft Windows operating systems. By default, every removable storage device features an autorun.ini script that instructs the computer which file to execute when the device is plugged in. Malware authors are now tampering with these files to make it launch various malicious applications.

Trojan.Clicker.CM ranks second in BitDefender's top ten e-threats list for November. This is mostly found on websites hosting illegal applications such as cracks, key generators and serial numbers for popular commercial software applications. The Trojan is mostly used to force advertisements inside the users' browser in order to boost their advertisement revenue.

Ranking third this month is Win32.Worm.Downadup.Gen. The worm relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) in order to spread on other computers in the local network and restricts users' access to Windows Update and security vendors' web pages. Newer variants of the worm also install rogue antivirus applications.

Trojan.Wimad takes the fourth place. The Trojan mostly exploits the capability of ASF files to automatically download the appropriate codec from a remote location in order to deploy infected binary files on the host system.

Exploit.PDF-JS.Gen is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader's Javascript engine, in order to execute malicious code on a user's computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download of malicious binaries from remote locations. The threat ranks fifth this month.

Win32.Sality.OG ranks sixth. It is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries). In order to hide its presence on the infected machine, it deploys a rootkit and attempts to kill antivirus applications installed locally.

Seventh place goes to Trojan.Autorun.AET, a malicious code spreading via the Windows shared folders, as well as through removable storage devices. The Trojan exploits the Autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

Worm.Autorun.VHG is an Internet /network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The worm ranks eighth in this month's top ten.

In ninth position, Trojan.Inject.RA is a password-stealing Trojan that mostly targets Lineage II computer players. This specific variant has a key logging component that intercepts users' keystrokes and sends them to a remote attacker via HTTP or SMTP protocols.

Trojan.Downloader.Bredolab.AZ ranks tenth in this month's list. Disguised as a Microsoft Word document, the Trojan drops a DLL file and registers it as a Browser Helper Object. Trojan.Downloader.Bredolab.AZ monitors users' keyboard input via a key logging component and sends the data to a website located in Russia.

BitDefender's November 2009 top ten e-threats list includes:

1. Trojan.AutorunINF.Gen 8.45
2. Trojan.Clicker.CM 7.87
3. Win32.Worm.Downadup.Gen 5.62
4. Trojan.Wimad.Gen.1 5.00
5. Exploit.PDF-JS.Gen 3.23
6. Win32.Sality.OG 2.57
7. Trojan.Autorun.AET 2.05
8. Worm.Autorun.VHG 1.59
9. Trojan.Inject.RA 1.45
10. Trojan.Downloader.Bredolab.AZ 1.20
OTHERS 60.97
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo