Servizi   Carrello  Conto personale   Contattaci  
English Русский Italiano    
Ricerca Prodotti
 

Scelgi Valuta
News Detail

  
04/08/2008
July 2008 virus activity review by Doctor Web    di  Doctor Web, Ltd.

Doctor Web, Ltd presents the virus activity review for July 2008.

Virus epidemics causing uproar and panic among Internet users have long since passed. Nowadays malicious activities are less overt and in most cases remain unnoticed by inexperienced users. The July reaffirmed this tendency making “Trojan activity review” somewhat more appropriate title for this article for it is Trojans of all sorts that are brought in focus here.

 

Concerning Trojans

Trojans of the Virtumod family are the most interesting species from the point of view of analysis and working out a curing algorithm. Other anti-virus vendors classify them as Virtumonde/Vundo/Monder. By now these malicious programs have not paved their way to enter the glorious top ten spread malware but one can quite often come across with them in the wild. Very few anti-viruses can boast successful detection of such Trojans, let alone successfully cure them. The reason behind this complexity for anti-virus vendors is an operation algorithm employed by virus makers who are very consistent in the three or even four-way development of their polymorphic packer. Recent months saw over 10 modifications with dozens of thousands of samples for each type of the packer. The figures are based on data of other anti-virus vendors along with Dr.Web and also take into account samples found during an online virus scan.

Virtumod is not the sole active example of the off-line polymorphism. Now it is clear that without the centralized development of counteraction to this trend and without a versatile technology for prompt implementation of identifying of polymorphic packers in an anti-virus kernel the anti-virus industry may soon find itself inept in the face of emerging challenges.

Trojan.Clb is another malicious program spreading rather rapidly. It contains a rootkit and uses the splicing technology to hide files on disks and entire branches of the registry. Besides, there is also Trojan.DnsChange.967 that substitutes DNS server IP addresses on routers that support configuration via the web-interface. It imposes a real danger for users connected to wireless networks where the web-interface is typically used to configure routers. Users connecting to the Internet via a Wi-Fi access point can fall a victim of the DNS IP address substitution with their private data leaked to an unknown recipient.

Trojan.Okuks getting to a PC can also become a rather unpleasant surprise. Most anti-viruses have no problems detecting it. Meanwhile curing the malware is something entirely different. Incorrect curing of a system file infected by the Trojan or deletion of such a file without fixing the registry will get a Windows user a permanent BSOD after the first reboot.

 

The leaders

Actually there is only one leader that wanders up and down the top ten and seems to be reluctant to step down. Here we speak about worms belonging to the Autorunner family which are in abundance received by Doctor Web, Ltd. for the online virus scan.

Flash drives we got used to at home or in the office become the primary carrier for the worm. Virtually every user owns a flash drive. Employees carry data on flash drives on a business trip or take their work to their homes. However, along with the increased labour productivity the convenient storage device also imposes a threat because becoming one of the preferred means of spreading for viruses. But the most remarkable thing is that a flash drive is not the only USB device that can be compromised by the worm. It can get to a photo or a video camera or a mobile phone as easily. An Autoranner worm took the top notch in the anti-virus stats on the global infection level for servers protected by Dr.Web anti-viruses.

 

Malware in the mail traffic

 01.07.2008 00:00 - 31.07.2008 23:00 
1 Win32.HLLW.Autoruner.437 239451 (18.39%)
2 Win32.Dref 109607 (8.42%)
3 Win32.HLLM.Netsky.35328 89795 (6.90%)
4 Win32.HLLM.Netsky.based 45561 (3.50%)
5 Win32.HLLM.Beagle 42279 (3.25%)
6 Win32.HLLM.MyDoom.based 28334 (2.18%)
7 Win32.HLLM.Generic.440 26898 (2.07%)
8 Adware.Cydoor 26143 (2.01%)
9 Win32.HLLP.Jeefo.36352 24710 (1.90%)
10 Win32.Virut 22588 (1.73%)
11 Trojan.MulDrop.16727 22380 (1.72%)
12 Trojan.Starter.544 21632 (1.66%)
13 Win32.Sector.20480 21616 (1.66%)
14 Win32.Alman 21354 (1.64%)
15 VBS.Igidak 19669 (1.51%)
16 Danish.based 18572 (1.43%)
17 Trojan.MulDrop.6474 18481 (1.42%)
18 Win32.HLLW.Gavir.ini 17191 (1.32%)
19 Win32.HLLW.Autoruner.1831 15596 (1.20%)
20 Trojan.Packed.511 13550 (1.04%)

Malware detected on workstations

 01.07.2008 00:00 - 31.07.2008 23:00 
1 Trojan.Starter.516 202341 (18.09%)
2 Win32.HLLW.Gavir.ini 106435 (9.51%)
3 Win32.HLLW.Autoruner.274 91205 (8.15%)
4 Trojan.Recycle 90006 (8.05%)
5 Win32.HLLW.Autoruner.437 76710 (6.86%)
6 Trojan.Starter.544 72730 (6.50%)
7 JS.Nimda 40157 (3.59%)
8 VBS.Redlof 38242 (3.42%)
9 Win32.HLLM.Generic.440 37992 (3.40%)
10 Win32.HLLP.Whboy 24129 (2.16%)
11 Win32.HLLW.Autoruner.2272 21893 (1.96%)
12 Adware.SaveNow.128 17982 (1.61%)
13 Program.RemoteAdmin 17230 (1.54%)
14 BackDoor.IRC.Sdbot.55 15902 (1.42%)
15 Win32.HLLP.PissOff.36864 15670 (1.40%)
16 Win32.HLLP.Jeefo.36352 13282 (1.19%)
17 Trojan.Packed.511 11425 (1.02%)
18 VBS.Generic.548 8984 (0.80%)
19 Win32.HLLP.Sector 8273 (0.74%)
20 Exploit.IFrame.41 8101 (0.72%)
Designed by mixer ®, 2006

Sign up for PayPal and start accepting credit card payments instantly.
© Copyright 2006-18 MotleySoft.com, a service of MediaPro (p.iva 09509960010). All rights reserved
All prices listed are subject to change without notice. Not responsible for typographical errors.
   Politica sulla Privacy