Malware Miscellany, September 2009

    After a lengthy interlude, we’re renewing our monthly malware almanac by popular demand. We’ve made quite a few changes to it, hopefully for the better – we’ll let you be the judge of that.

    Category Name
    Top 3 countries for malicious URLs

    Canada takes first place, hosting more than 21% of the world’s malicious URLs. The US is second with 16%, followed by China with 15%.

    Top 3 countries hosting sites which spread malware

    China claims first place, hosting 26% of all malicious sites globally. The US comes second with 18%, and Russia is third with 12%.

    Malicious site which affects the biggest number of Internet users

    www.langlangdor.com accounted for 1.62% of all online infections globally. This is a porn site located in China. Porn always attracts a lot of visitors, and it’s no secret that it’s often used by cybercriminals to spread malicious or suspicious content. There’ve been attempts (which were blocked) to spread a wide variety of Trojans from this site – most of them are Trojan-Downloader.Win32.Agent and Trojan.Win32.StartPage variants.

    Site spreading the biggest number of unique malicious programs

    1142 unique malicious programs were spread from www.gddsz.store.qq.com. The programs vary widely, and cover virtually all the different types of malware behavior in Kaspersky Lab’s classification.

    Biggest malicious program

    In September, this category was led by Trojan.Win32.Chifrax.d at 388 MB. There are numerous modifications of this Trojan, all larger than 300 MB. Trojan.Win32.Chifrax.d is the name used to detect CAB archives which have been specially modified by virus writers in order to evade antivirus solutions.

    Smallest malicious program

    Trojan.BAT.Shutdown.ab is a mere 30 bytes. It’s part of another Trojan that uses it to shut down the victim computer without asking the user’s consent.

    Most widespread vulnerability on users’ computers

    In late July, Adobe Flash Players 9 and 10 were found to have multiple vulnerabilities that can be exploited by cybercriminals to gain access to a system, run arbitrary code, gain access to confidential data or bypass security systems. More information about the vulnerabilities and how to fix them can be found at: www.viruslist.com/en/advisories/35948

    Most common exploit

    Exploit.JS.DirektShow: in combination with Exploit.Win32.DirektShow, this malware family exploits a critical vulnerability in Internet Explorer 6.0 and 7.0 and has recently become extremely widespread on the Internet.

    Most widespread malware on the Internet

    In just a month, Packed.Win32.TDSS.z tried to penetrate computers in 108 countries around the world.

    Worst joke (hoax programs that scare or annoy users but don’t have a clearly malicious payload)

    Hoax.JS.Agent.c displays an obscene video clip and bombards victims with offensive messages which can’t be stopped.
