Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Trojans dominate threat list for April

BitDefender UK : 07 May, 2009  (Technical Article)
BitDefender names the top ten malware items for April and notes that Trojans are the dominating factor in the list
BitDefender's lineup of the ten most prevalent threats for April is dominated by Trojans, an on-going trend for this year. These threats, which spread by deceiving the recipient, occupy seven of the ten positions. There are also a couple of worms, exploits and viruses to break up the 'trojan parade'.

In tenth position and highlighting the importance of the Web as the preferred infection vector, there is a 'silent' trojan designed for injection into legitimate websites which are vulnerable to this type of attack. This device is used solely to make visitors' browsers load exploit code. Examples detected by BitDefender include Exploit.SWF.Gen and Trojan.Exploit.ANPW; sitting in sixth and fifth place respectively. This combination actually exists and is found mainly on Chinese malicious websites.

Trojan.Peed.Gen (aka the venerable Storm Worm) has recorded a significant 1.81% of detections for April, although this time around it is used as a dropped component for some other threat: A sign, maybe, that it has outlived its effectiveness as an infector and is used now only for the control functionality it provides to an attacker.

A newcomer Trojan.KillAV.PT occupies eighth place. This is a form of 'utility'
malware, which kills any antivirus or security process it can find (from a long list) on the target machine. It prevents them from running ever again, then decrypts and executes a downloader, which in turn downloads and installs a game password stealer.

In seventh place, Win32.Sality is the only true virus in the April top ten. This is a polymorphic file infector which modifies executable files (.exe and .scr) appending its encrypted body at the end of files in a newly created section.

This spreads by linking to an infected executable from the Autorun.INF file found on removable media or network shares. This is an old trick that has served the much newer Downadup aka - Conficker - well.

The Conficker worm occupies fourth place, under the Win32.Worm.Downadup.Gen.

Its capabilities are well known by now, but the fact that it is still spreading vigorously enough to take up more than three percent of detections by itself, is something of a surprise after all this time.

Commenting on the April listing, Sorin Dudea, Head of BitDefender Antivirus Lab said: 'We can only hope the high detection rate is due to the fact that more people who were previously infected are now using effective antivirus protection. However, we cannot discount the possibility that the worm is being replicated by a sizeable network of infected machines.

Two rather old adware trojans, Wimad and Clicker occupy the third and second spots.

Trojan.AutorunINF.Gen occupies first place. It is not a single e-threat, but rather a generic name for trojans which use the Autorun.INF spreading mechanism outlined above; but in these cases without a specific signature being added.

'We're happy to see this kind of generic, no-human-in-the- loop detection work well,' adds Mr. Dudea. 'The future of reliable antivirus countermeasures will depend on adapting to new e-threats in real time and such techniques pave the way for this approach.'

Name - %
1 Trojan.AutorunINF.Gen - 9
2 Trojan.Clicker.CM - 8.47
3 Trojan.Wimad.Gen.1 - 5.68
4 Win32.Worm.Downadup.Gen - 3.05
5 Trojan.Exploit.ANPW - 2.84
6 Exploit.SWF.Gen - 2.4
7 Win32.Sality.OG - 2.1
8 Trojan.KillAV.PT - 1.91
9 Dropped:Trojan.Peed.Gen - 1.81
10 Trojan.Exploit.SSX - 1.74
OTHERS - 60.99

For further details on the latest malware detected in the wild, please visit BitDefender's Defence Portal site.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo