Malware reports

Malware Miscellany, September 2009

Table of Contents

After a lengthy interlude, we’re renewing our monthly malware almanac by popular demand. We’ve made quite a few changes to it, hopefully for the better – we’ll let you be the judge of that.

Категория Наименование
Top
3 countries for malicious URLs

Canada takes first
place, hosting more than 21% of the world’s malicious URLs. The US is
second with 16%, followed by China with 15%.

 

Top
3 countries hosting sites which spread malware

China claims first
place, hosting 26% of all malicious sites globally.
The US comes second with 18%, and Russia is third with 12%.

 

Malicious
site which affects the biggest number of Internet users

www.langlangdor.com
accounted for 1.62% of all online infections globally. This is a porn
site located in China. Porn always attracts a lot of visitors, and it’s
no secret that it’s often used by cybercriminals to spread malicious or
suspicious content. There’ve been attempts (which were blocked) to
spread a wide variety of Trojans from this site – most of them are
Trojan-Downloader.Win32.Agent and Trojan.Win32.StartPage variants.

 

Site
spreading the biggest number of unique malicious programs

 1142 unique
malicious programs were spread from www.gddsz.store.qq.com. The
programs vary widely, and cover virtually all the different types of
malware behavior in Kaspersky Lab’s classification.

 

Biggest
malicious program

In September, this
category was led by Trojan.Win32.Chifrax.d at 388 MB. There are
numerous modifications of this Trojan, all larger than 300 MB.
Trojan.Win32.Chifrax.d is the name used to detect CAB archives which
have been specially modified by virus writers in order to evade
antivirus solutions.

 

Smallest
malicious program

Trojan.BAT.Shutdown.ab
is a mere 30 bytes. It’s part of another Trojan that uses it to shut
down the victim computer without asking the user’s consent.

 

Most
widespread vulnerability on users’ computers

In late July, Adobe
Flash Players 9 and 10 were found to have multiple vulnerabilities that
can be exploited by cybercriminals to gain access to a system, run
arbitrary code, gain access to confidential data or bypass security
systems. More information about the vulnerabilities and how to fix
them, can be found at: https://threats.kaspersky.com/en/


 

Most
common exploit

Exploit.JS.DirektShow:
in combination with Exploit.Win32.DirektShow, this malware family
exploits a critical vulnerability in Internet Explorer 6.0 and 7.0 and
has recently become extremely widespread on the Internet.

 

Most
widespread malware on the Internet

In just a month, Packed.Win32.TDSS.z tried to penetrate
computers in 108 countries around the world.
 

Worst
joke (hoax programs that scare or annoy users but don’t have a clearly
malicious payload)
Hoax.JS.Agent.c
displays an obscene video clip and bombards victims with offensive
messages which can’t be stopped. 

Malware Miscellany, September 2009

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox