Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

BitDefender threat list for May dominated by Trojans

BitDefender UK : 04 June, 2009  (Technical Article)
Six of the top ten IT threat positions in BitDefender's monthly report for May occupied by Trojans
BitDefender has released a list of the top ten e-threats detected in May. It's trojans all the way (almost) with these simple, user-interaction driven pieces of malware occupying no less than six of the ten positions, including the top three.

First place in the BitDefender top ten goes to an infection technique, rather than a piece of malware. The autorun.inf exploitation code found in threats as diverse as Conficker and Sality tops out at 9.93% of detections, making it the most widespread exploit and the top e-threat of the month.

The positively ancient Trojan.Clicker.CM, a popup-serving program, can be found in second place with a whopping 9.23% of detections.

In third place is the Wimad trojan, an e-threat which masquerades as a video player, with 5.34% of detections.

A lowly bit of SWF exploit code, heavily used in malicious and compromised websites the world over, can be found in fourth, at 4.33%. Conficker is on the up again, for some reason, climbing in fifth position this month with 3.12% of detected infections.

A polymorphic file infector claimed sixth place this month, and if that sounds dangerous, it is. The virus infects executable files as well as network shares, re-writing itself in the process to avoid signature-based
scanners.

Once such an infected file gets executed directly, or the share it's in gets opened with the 'Autorun' option enabled, the virus installs a rootkit on the affected computer. The rootkit gives an attacker complete control, while the virus itself, oddly, acts as a port-scanner trying to find open UDP services on random computers.

The Storm Worm, in seventh place, is back from the e-dead. It returns as a dropped component, that is, it is not spreading on its own, but rather it is being installed by some other e-threat, presumably to be used as a 'remote control' for the infected computer.

Trojan.Autorun.AET, a trojan which also spreads through shared folders via the Autorun misfeature in Windows, is in ninth place this month. And finally, the Trojan.JS.PYV closes the list at number ten, a new entry with 1.73% of detections.

BitDefender's May 2009 Top 10 E-Threat list includes:

Pos. Name %
1 Trojan.AutorunINF.Gen - 9.93
2 Trojan.Clicker.CM - 9.23
3 Trojan.Wimad.Gen.1 - 5.34
4 Exploit.SWF.Gen - 4.33
5 Win32.Worm.Downadup.Gen - 3.12
6 Win32.Sality.OG - 2.25
7 Trojan.Exploit.ANPW - 2.17
8 Dropped:Trojan.Peed.Gen - 1.9
9 Trojan.Autorun.AET - 1.87
10 Trojan.JS.PYV - 1.73
OTHERS - 58.13

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo