Windows autorun trojan tops November malware chart

02 December 2009

The latest monthly malware chart from BitDefender claims to show that the largest risk to computer users is currently Trojan.AutorunINF.Gen, a generic family of trojan malware abusing the autorun feature in Windows.

According to the IT security vendor, by default, every removable storage device features an autorun.inf script that instructs the computer which file to execute when the device is plugged in.

Malware authors, BitDefender said, are now tampering with these files to make them launch various malware applications such as trojans when portable devices such as USB sticks are plugged in.
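
A defensive triage sketch for the mechanism described above, added here as an example and not code from BitDefender or this article: it parses the contents of an autorun.inf file and lists the entries that would launch a program when the device is plugged in. The function names and both sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that tell Windows to start a program.
LAUNCH_KEYS = ("open", "shellexecute")
# Context-menu verbs such as shell\open\command also start a program.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")


def launch_entries(text):
    """Return (key, command) pairs from [autorun] that would start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # skip other sections and filler lines that are not key=value
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            found.append((key, value.strip()))
    return found


def triage(text):
    """Summarise one autorun.inf: does anything on the device auto-launch?"""
    hits = launch_entries(text)
    return {"needs_review": bool(hits), "entries": hits}


# Constructed sample: only cosmetic keys, nothing is launched.
BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup Drive\n"

# Constructed sample: filler lines around entries that launch a binary.
TAMPERED = (
    "xK2j9 filler text\n"
    "[AutoRun]\n"
    "%%%% more filler\n"
    "Open = sample.exe\n"
    "shell\\open\\Command=sample.exe\n"
    "label=USB\n"
)

if __name__ == "__main__":
    print(triage(BENIGN))
    print(triage(TAMPERED))
```
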

Second slot in BitDefender's malware charts is taken by the trojan Trojan.Clicker.CM, which has ridden high for some time.

This malware is typically found on websites hosting illegal applications such as cracks, key generators and serial numbers for popular commercial software applications.

The trojan is mostly used to force advertisements inside the user's browser in order to boost the advertisement revenue of those behind it.

Ranking third this month was the worm Win32.Worm.Downadup.Gen, which relies on the Windows Server service RPC (remote procedure call) handling remote code execution vulnerability (MS08-067) in order to spread to other computers on the local network.

Downadup - a variant of Conficker - restricts users' access to Windows Update and security vendors' web pages. Newer variants of the worm also install rogue anti-virus applications.

Fourth place is taken by the trojan Trojan.Wimad, a piece of malicious code which BitDefender said exploits the capability of ASF files to automatically download the appropriate codec from a remote location, in order to deploy infected binary files on the host system.

In fifth place, meanwhile, comes Exploit.PDF-JS.Gen, a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader's JavaScript engine.

Once inserted, the exploit executes malicious code on a user's computer. And upon opening an infected PDF file, specially crafted JavaScript code triggers the download of malicious binaries from remote locations.

Ranking sixth is Win32.Sality.OG, a polymorphic file infector that appends its encrypted code to executable files. In order to hide its presence on the infected machine, the executable deploys a rootkit and attempts to kill anti-virus applications installed locally.

Seventh place goes to Trojan.Autorun.AET, a malicious trojan code spreading via the Windows shared folders, as well as through removable storage devices.

The trojan is reported to exploit the autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

Worm.Autorun.VHG, in eighth place, is an internet / network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC package - the same approach used by Conficker / Downadup.

In ninth position, Trojan.Inject.RA is a password-stealing trojan that mostly targets Lineage II computer players. This specific variant has a key logging component that intercepts users' keystrokes and sends them to a remote attacker via HTTP or SMTP protocols.

Last, but not least in BitDefender's November charts, is the trojan Trojan.Downloader.Bredolab.AZ, which comes disguised as a Microsoft Word document.

BitDefender said that the trojan is notable for dropping a DLL file and registering it as a Browser Helper Object. The trojan then monitors users' keyboard input via a key logging component and sends the data to a website located in Russia.
