Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Threat analysis for April from McAfee

McAfee : 02 May, 2008  (Technical Article)
Threat analysis report reveals top phishing scams, brands targeted and most prevalent internet threats during April.
Every month researchers at McAfee's Avert Labs monitor the latest security attacks and collate the information on the biggest threats facing Internet users.

The information below highlights the top ten phishing scams, top ten brands targeted by phishing scams and the top three Internet threats for April 2008.

Top 10 Phishing Scams:

1. Comerica Bank - DigiCert, we make renewing easy.
2. Comerica Bank Certificate is due to expire 1st May 2008.
3. Comerica Bank - certificate approved and ready to Download/Instal.
4. Comerica Bank - you've purchased an SSL Certificate.
5. Comerica Bank - SSL Certificate Renewal.
6. DigicertSSL Single-Cert Renewal Comerica TM Connect Web Bank.
7. Your Renewed SSL Certificate Comerica Bank.
8. Comerica Bank - your DigiCert Customer Account.
9. Comerica TM Connect Web Bank Certificate is due to expire 1st May 2008.
10. Comerica Bank - Certificate Renewal.


* Wachovia - 45%.
* Comercia - 42%.
* Natwest - 13%.

MOST PREVALENT VIRUSES (EUROPEAN PCs scanned by McAfee) - April 2008

The most prevalent threats for April 2008 - a monthly tracker of the leading threats that are infecting computers across Europe:

Name of Threat: VBS/Psyme.
Type of Threat: Trojan.
Threat aimed at: A new variant of VBS/Psyme has been observed which is part of a threat that attempts to spread on the premise that it offers a codec to see a video of the suicide attack that killed Pakistani Prime Minister Benazir Bhutto. For more information on this threat, please see the Avert Blog. Recently, this threat was proactively detected on a major Korean website. The exploit was hidden in an legitimate webpage believed to have been subjected to unauthorised modifications. Similar incidents had been reported before, on other relatively less known websites. This threat causes unpatched Internet Explorer clients to download and execute further malware.
No. of PC's scanned: 912,893.
PC's Infected: 5.54%.

Name of Threat: Adware-ZangoSA.
Type of Threat: Program.
Threat aimed at: McAfee AVERT recognizes that this may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
This is a program that when active on a computer, can display pop-up advertising, and may also redirect browsers to websites controlled by the makers of this program. The EULA also allows updates and further programs to be installed on a computer running this application.
No. of PC's scanned: 912,893.
PC's Infected: 5.14%.

Name of Threat: Expolit-ByteVerify.
Type of Threat: Trojan.
Threat aimed at: This detection covers Java applets that attempt to exploit the Microsoft Security Bulletin MS03-011 vulnerability. The severity of this vulnerability is considered to be critical. It allows an attacker to execute malicious code, simply by visiting an infectious website. Detections of this exploit do not necessarily mean that any malicious code was executed. It simply means that a Java applet was found to contain the exploit code. Conversely malicious code may have been run, which could result in any number of modifications to the system.
All vulnerable systems should apply the patch from Microsoft. Patched systems are immune from the effects of the exploit code. However, detection will still occur on files attempting to make use of this exploit.
There are no obvious signs of infection. AVERT has received field samples that use this exploit to create a registry script file, and merge it into the system registry. This script simply altered the default start page of Internet Explorer.
No. of PC's scanned: 912, 893.
PC's Infected: 4.19%.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo