Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

January e-threat report shows continued Trojan dominance

BitDefender UK : 11 February, 2009  (Technical Article)
The web continued to be the major source of malware threats in January with browser activated Trojan topping the list
Web-based e-threats continue to dominate during the first month of 2009, according to BitDefender's Top Ten analysis. Leading the pack was Trojan.Clicker.CM with a share of 5.40 percent. This device displays a significant number of commercial pop-up windows in the background of the user's Web browser in order to lure the user to click. The aim is to generate profits for advertisements registered within a pay-per-click system. To display the ads successfully, the Trojan uses several functions that bypass the Norton Internet Security Pop-up Blocker.

Trojan Wimad.Gen.1 and Trojan.Downloader.Wimad.A succeeded in raising 6.88 percent in January, making them some of the most common e-threats in the wild. Part of a very large family, these Trojans are spread with the aid of a network of malicious websites. Usually distributed via e-mail spam campaigns as a 3.5 MB .wma attachment and bearing the name of some popular artists, the disguised Trojan automatically opens the Web browser in order to retrieve the "appropriate" codec, which is, in effect, another piece of adware - Adware.PlayMp3z.A.

As predicted by BitDefender's E-Threat Landscape Report, the exploits increased their volume in the last month, holding no less than 4 positions and almost 12 percent in the current Top 10. For instance, Trojan.Exploit.SSX abuses vulnerable sites when a malicious SQL code is injected into their databases. The result is an invisible iFrame element that redirects the user to an infected Web site that attempts to download and install several malicious payloads.

Last but not least, autorun infectors and downloaders occupied the remaining positions, with another noteworthy comeback of Packer.Malware.NSAnti.1 with its 2.09 percent. This malware with worm functionality spreads via infected Web sites or through maliciously crafted autorun.inf files within removable devices. NSAnti corrupts Internet Explorer behaviour and steals user names and passwords for online games, such as Silkroad Online or Lineage.

"The beginning of 2009 showed two important trends," said Head of BitDefender Antimalware Research, Sorin Dudea. "First, that Web-based distributed malware is still the most successful type of e-threat in the wild and secondly: that previous productive breeds are back with the same or even higher percentage. This confirms that the level of user awareness in terms of system security remains very low for defensive activities, such as patching the OS with the latest fixes, updating security suites or surfing the Web cautiously."

BitDefender's January 2009 Top 10 E-Threat list includes:

1. Trojan.Clicker.CM 5.40
2. Trojan.Wimad.Gen.1 4.32
3. Trojan.AutorunINF.Gen 4.22
4. Trojan.Downloader.Js.Agent.F 3.79
5. Trojan.Exploit.ANPI 3.59
6. Trojan.Exploit.SSX 3.36
7. Exploit.SinaDLoader.A 2.70
8. Trojan.Downloader.Wimad.A 2.56
9. Exploit.HTML.Agent.AO 2.30
10. Packer.Malware.NSAnti.1 2.09
Other malware 65.67
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo