Growing Malware Threat Associated With Use Of Memory Sticks

Dec. 1, 2009 - PRLog -- According to BitDefender, the biggest risk to computer users is currently Trojan.AutorunINF.Gen, a generic family of malware abusing the Autorun feature in Microsoft Windows operating systems. By default, every removable storage device features an autorun.ini script that instructs the computer which file to execute when the device is plugged in. Malware authors are now tampering with these files to make it launch various malicious applications.

Trojan.Clicker.CM ranks second in BitDefender’s top ten e-threats list for November. This is mostly found on websites hosting illegal applications such as cracks, key generators and serial numbers for popular commercial software applications. The Trojan is mostly used to force advertisements inside the users’ browser in order to boost their advertisement revenue.

Ranking third this month is Win32.Worm.Downadup.Gen. The worm relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) in order to spread on other computers in the local network and restricts users’ access to Windows Update and security vendors’ web pages. Newer variants of the worm also install rogue antivirus applications.

Trojan.Wimad takes the fourth place. The Trojan mostly exploits the capability of ASF files to automatically download the appropriate codec from a remote location in order to deploy infected binary files on the host system.

Exploit.PDF-JS.Gen is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader's Javascript engine, in order to execute malicious code on a user's computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download of malicious binaries from remote locations. The threat ranks fifth this month.

Win32.Sality.OG ranks sixth. It is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries). In order to hide its presence on the infected machine, it deploys a rootkit and attempts to kill antivirus applications installed locally.

Seventh place goes to Trojan.Autorun.AET, a malicious code spreading via the Windows shared folders, as well as through removable storage devices. The Trojan exploits the Autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

Worm.Autorun.VHG is an Internet /network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The worm ranks eighth in this month’s top ten.

In ninth position, Trojan.Inject.RA is a password-stealing Trojan that mostly targets Lineage II computer players. This specific variant has a key logging component that intercepts users’ keystrokes and sends them to a remote attacker via HTTP or SMTP protocols.

Trojan.Downloader.Bredolab.AZ ranks tenth in this month’s list. Disguised as a Microsoft Word document, the Trojan drops a DLL file and registers it as a Browser Helper Object. Trojan.Downloader.Bredolab.AZ monitors users’ keyboard input via a key logging component and sends the data to a website located in Russia.


BitDefender’s November 2009 Top 10 E-Threat list includes:

1   Trojan.AutorunINF.Gen                        8.45
2   Trojan.Clicker.CM                        7.87
3   Win32.Worm.Downadup.Gen   5.62
4   Trojan.Wimad.Gen.1                        5.00
5   Exploit.PDF-JS.Gen                        3.23
6   Win32.Sality.OG                        2.57
7   Trojan.Autorun.AET                        2.05
8   Worm.Autorun.VHG                        1.59
9   Trojan.Inject.RA                        1.45
10   Trojan.Downloader.Bredolab.AZ      1.20
   OTHERS                                              60.97


To stay up-to-date on the latest e-threats, sign-up for BitDefender's RSS feeds here http://www.bitdefender.co.uk/site/Using-Rss-Feeds.html
 

About BitDefender®
BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe - giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company’s security solutions press room. Additionally, BitDefender’s http://www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

For more information see http://www.bitdefender.co.uk

ENDS

Contact:
Nick Billington
BitDefender Country Manager (UK and Ireland)
Tel: 0845 130 5096
E-mail: nbillington@bitdefender.co.uk


Issued by:
Mike Ottewell
MJO PR for BitDefender UK
Tel: 0845 883 3435
E-mail: mottewell@bitdefender.co.uk