Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

PDF Vulnerability tops the malware chart for December

BitDefender UK : 11 January, 2010  (Technical Article)
Major exploits identified by BitDefender for December are headed by javascript code which exploits a vulnerability in the Adobe PDF reader
A generic detection which deals with specially crafted PDF files exploiting different vulnerabilities found in Adobe PDF Reader's Javascript engine has topped BitDefender's top ten e-threat report for December. Called Exploit.PDF-JS.Gen, this device is designed to execute malicious code on the victim's computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download of malicious binaries from remote locations.

The second highest e-threat in BitDefender's December listing is Trojan.AutorunInf.Gen. This is a generic mechanism to spread malware using removable devices such as flash drives, memory cards or external hard-disk drives. Win32.Worm.Downadup and Win32.TDSS are two of the most famous families of malware to use this approach to trigger newer infections.

Trojan.Clicker.CM is in third place. This is mostly found on websites hosting illegal applications such as cracks, key generators and serial numbers for popular commercial software applications. The Trojan is mostly used to force advertisements inside the users' browser in order to boost their advertisement revenue.

Fourth is Win32.Worm.Downadup.Gen. Relying on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67), this worm spreads on other computers in the local network and restricts users' access to Windows Update and security vendors' web pages. Newer variants of the worm also install rogue antivirus applications, among others.

Trojan.Wimad.Gen.1, comes fifth, mostly exploits the capability of ASF files to automatically download the appropriate codec from a remote location in order to deploy infected binary files on the host system. The ASF format will store data in either WMA (Windows Media Audio) or WMV (Windows Media Video) formats, which are mostly to be found on Torrent websites. When played locally, the specially-crafted WMV file would allegedly attempt to download a "special codec", which is in fact a malicious binary hosted on a third-party website.

Sixth place is taken by Win32.Sality.OG. This malicious e-threat is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries). It deploys a rootkit and kills antivirus applications running on the computer so as to hide its presence on the infected machine.

Trojan.Autorun.AET, a malicious code spreading via the Windows shared folders, as well as through removable storage devices, is in seventh position. The Trojan exploits the Autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

In eighth position is Worm.Autorun.VHG. This is an Internet /network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup).

Win32.Worm.Downadup.B is in ninth position. It is a variant of Win32.Worm.Downadup with similar functionality, except for the fact that the number of blocked AV URLs is lower. Also, this is one of the least dangerous variants, as it comes with no malicious payload.

Trojan.Script.236197 concludes BitDefender's top ten e-threats list for December. This obfuscated JavaScript file forces small pop-up windows disguised as MSN Messenger alerts when the user visits an adult website. The ads, served through advertising service DoublePimp, look like a real-time conversation with a woman allegedly located in the same area as the user's ISP.

BitDefender's December 2009 top ten e-threat list includes:

1 Exploit.PDF-JS.Gen 12.04
2 Trojan.AutorunINF.Gen 8.15
3 Trojan.Clicker.CM 7.90
4 Win32.Worm.Downadup.Gen 5.85
5 Trojan.Wimad.Gen.1 4.57
6 Win32.Sality.OG 2.65
7 Trojan.Autorun.AET 1.97
8 Worm.Autorun.VHG 1.65
9 Win32.Worm.Downadup.B 1.25
10 Trojan.Script.236197 1.08
OTHERS 52.85

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo