BitDefender’s lineup of the ten most prevalent threats for April is dominated by Trojans, an on-going trend for this year. These threats, which spread by deceiving the recipient, occupy seven of the ten positions. There are also a couple of worms, exploits and viruses to break up the "trojan parade".
In tenth position and highlighting the importance of the Web as the preferred infection vector, there is a "silent" trojan designed for injection into legitimate websites which are vulnerable to this type of attack. This device is used solely to make visitors' browsers load exploit code. Examples detected by BitDefender include Exploit.SWF.Gen and Trojan.Exploit.ANPW; sitting in sixth and fifth place respectively. This combination actually exists and is found mainly on Chinese malicious websites.
Trojan.Peed.Gen (aka the venerable Storm Worm) has recorded a significant 1.81% of detections for April, although this time around it is used as a dropped component for some other threat: A sign, maybe, that it has outlived its effectiveness as an infector and is used now only for the control functionality it provides to an attacker.
A newcomer Trojan.KillAV.PT occupies eighth place. This is a form of "utility"
malware, which kills any antivirus or security process it can find (from a long list) on the target machine. It prevents them from running ever again, then decrypts and executes a downloader, which in turn downloads and installs a game password stealer.
In seventh place, Win32.Sality is the only true virus in the April top ten. This is a polymorphic file infector which modifies executable files (.exe and .scr) appending its encrypted body at the end of files in a newly created section.
This spreads by linking to an infected executable from the Autorun.INF file found on removable media or network shares. This is an old trick that has served the much newer Downadup aka - Conficker - well.
The Conficker worm occupies fourth place, under the Win32.Worm.Downadup.Gen.
Its capabilities are well known by now, but the fact that it is still spreading vigorously enough to take up more than three percent of detections by itself, is something of a surprise after all this time.
Commenting on the April listing, Sorin Dudea, Head of BitDefender Antivirus Lab said: "We can only hope the high detection rate is due to the fact that more people who were previously infected are now using effective antivirus protection. However, we cannot discount the possibility that the worm is being replicated by a sizeable network of infected machines.
Two rather old adware trojans, Wimad and Clicker occupy the third and second spots.
Trojan.AutorunINF.Gen occupies first place. It is not a single e-threat, but rather a generic name for trojans which use the Autorun.INF spreading mechanism outlined above; but in these cases without a specific signature being added.
"We're happy to see this kind of generic, no-human-in-the- loop detection work well," adds Mr. Dudea. "The future of reliable antivirus countermeasures will depend on adapting to new e-threats in real time and such techniques pave the way for this approach."
Name - %
1 Trojan.AutorunINF.Gen - 9
2 Trojan.Clicker.CM - 8.47
3 Trojan.Wimad.Gen.1 - 5.68
4 Win32.Worm.Downadup.Gen - 3.05
5 Trojan.Exploit.ANPW - 2.84
6 Exploit.SWF.Gen - 2.4
7 Win32.Sality.OG - 2.1
8 Trojan.KillAV.PT - 1.91
9 Dropped:Trojan.Peed.Gen - 1.81
10 Trojan.Exploit.SSX - 1.74
OTHERS - 60.99
For further details on the latest malware detected in the wild, please visit BitDefender’s Defense Portal site.
BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe—giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information is available at www.bitdefender.co.uk
MJO PR for BitDefender UK
Tel: 01538 361217
BitDefender Country Manager
(UK and Ireland)
Tel: 0845 130 5096
Fax:- 0845 130 5069
This press release was distributed by ResponseSource Press Release Wire on behalf of MJO Associates in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.