[Security] Oktoberfest 2011: beer, sausages and malware


Adware, downloading Trojans, e-mailers and, of course, Downadup were all found in Germany

If adware has been the key malicious factor in Germany for the past months, October brought a significant change in the regional malware landscape. It seems that Germany experiences a revolution in terms of e-threats targeting the local users. The resilient adware occupants of the top spots are now replaced by Java-based malware, in exploits and malware downloading Trojans.

Malware distribution for October 2011:
Java.Exploit.CVE-2010-0840.B saw a noteworthy spike from the tenth place straight to the top spot of the e-threat top in Germany. Furthermore, Java.Exploit.CVE-2010-0840.B is accompanied by three other members of its class - Trojan.Mailbot.DG (ranking fourth, with 3.16%), Trojan.Java.MailSend.A(fifth, with 2.97%) and Trojan.Exploit.ANSH (seventh, with 2.54%) together cumulating almost 14 percent of the total malware registered in Germany.

They share a couple of features as generic detections for pieces of malicious code that exploit a vulnerability in the Java virtual machine. The liability lies in the Java verification routine of some applets executing pieces of code that require certain privileges.The vulnerability allows an application to execute operations otherwise performed only by a logged-in user. These e-threats download a BHO and use it to download further malware on the compromised computer. Note that only the Windows OS users are in danger.

New entry in the top is the second ranking Trojan.Iframe.SC, a detection for iframe-injected html files with the purpose of redirecting the user’s search towards sites with randomly chosen pornographic content.

The infamous and industrious Win32.Worm.Downadup.Gen is again in third place. This is the most common e-threat to be found in people’s systems. Mainly it hinders users from updating operating systems or anti-virus solutions by restricting access to all related web pages. Sometimes, it may even download rogue AVs on compromised computers.

Germany’s top ranking e-threat for the past months, the Adware class, dropped five places in October. However, it is still well represented by no less than three e-threats: Gen:Variant.Adware.Hotbar.1,Dropped:Adware.Yabector.B and Adware.Yabector.B, ranking sixth, ninth and tenth, respectively.

Adware.Hotbar opens a browser toolbar and forces commercial pop-up messages on PC screens. It is actively used in the wild to monitor users’ online activities by creating profiles based on search habits which crooks would afterwards use to redirect searches toward advertising websites or virtual stores. Adware.Yabector mainly hijack the user’s browser to redirect web searches to advertising pages and online shops.

Eighth is packed executable file - Gen:Trojan.Heur.RP.zyX@aqIOShci – a keygen component for some other widespread malicious application used to generate unauthorized registration keys in order to defeat the commercial protection of shareware software products.

Comments

Post a Comment

Để lại góp ý của bạn để blog của mình hoàn thiện hơn :))

Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

Image
/includes/header.php?systempath= /Gallery/displayCategory.php?basepath= /index.inc.php?PATH_Includes= /nphp/nphpd.php?nphp_config[LangFile]= /include/db.php?GLOBALS[rootdp]= /ashnews.php?pathtoashnews= /ashheadlines.php?pathtoashnews= /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR= /demo/includes/init.php?user_inc= /jaf/index.php?show= /inc/shows.inc.php?cutepath= /poll/admin/common.inc.php?base_path= /pollvote/pollvote.php?pollname= /sources/post.php?fil_config= /modules/My_eGallery/public/displayCategory.php?basepath= /bb_lib/checkdb.inc.php?libpach= /include/livre_include.php?no_connect=lol&chem_absolu= /index.php?from_market=Y&pageurl= /modules/mod_mainmenu.php?mosConfig_absolute_path= /pivot/modules/module_db.php?pivot_path= /modules/4nAlbum/public/displayCategory.php?basepath= /derniers_commentaires.php?rep= /modules/coppermine/themes/default/theme.php?THEME_DIR= /modules/coppermine/include/init.inc.php?CPG_M_DIR= /modules/coppermine/themes/c
Read more

[Security] Internet blackout scheduled in protest of SOPA

Last night I spent an inordinate amount of time on reddit looking at pictures of baby hedgehogs, reading a Q&A with a theoretical physicist, and catching up on the intended blackouts protesting the Stop Online Piracy Act (SOPA) and its sister bill, Protect IP Act (PIPA). Haven’t heard about SOPA? It’s no wonder, since the mainstream media has been curiously silent on the issue. Maybe it’s because most of the big news outlets are owned by companies supporting SOPA. Nonetheless, reddit and others, such as Tucows, Cheezburger, game developer Red 5 Studios, and hacktivist group Anonymous, hope to make the issue broadly known with a coordinated internet blackout scheduled for January 18th. Things will really get interesting if the “nuclear option” is implemented where the likes of Wikipedia, Google, Facebook, Ebay, Yahoo!, LinkedIn, Tumblr, Mozilla, Twitter, and PayPal “go simultaneously dark” to join them in protest of the bill. You may have heard a blip of a news story during the
Read more