Malware reports

Malware Miscellany, September 2009

Table of Contents

After a lengthy interlude, we’re renewing our monthly malware almanac by popular demand. We’ve made quite a few changes to it, hopefully for the better – we’ll let you be the judge of that.

Категория Наименование
Top
3 countries for malicious URLs

Canada takes first
place, hosting more than 21% of the world’s malicious URLs. The US is
second with 16%, followed by China with 15%.

 

Top
3 countries hosting sites which spread malware

China claims first
place, hosting 26% of all malicious sites globally.
The US comes second with 18%, and Russia is third with 12%.

 

Malicious
site which affects the biggest number of Internet users

www.langlangdor.com
accounted for 1.62% of all online infections globally. This is a porn
site located in China. Porn always attracts a lot of visitors, and it’s
no secret that it’s often used by cybercriminals to spread malicious or
suspicious content. There’ve been attempts (which were blocked) to
spread a wide variety of Trojans from this site – most of them are
Trojan-Downloader.Win32.Agent and Trojan.Win32.StartPage variants.

 

Site
spreading the biggest number of unique malicious programs

 1142 unique
malicious programs were spread from www.gddsz.store.qq.com. The
programs vary widely, and cover virtually all the different types of
malware behavior in Kaspersky Lab’s classification.

 

Biggest
malicious program

In September, this
category was led by Trojan.Win32.Chifrax.d at 388 MB. There are
numerous modifications of this Trojan, all larger than 300 MB.
Trojan.Win32.Chifrax.d is the name used to detect CAB archives which
have been specially modified by virus writers in order to evade
antivirus solutions.

 

Smallest
malicious program

Trojan.BAT.Shutdown.ab
is a mere 30 bytes. It’s part of another Trojan that uses it to shut
down the victim computer without asking the user’s consent.

 

Most
widespread vulnerability on users’ computers

In late July, Adobe
Flash Players 9 and 10 were found to have multiple vulnerabilities that
can be exploited by cybercriminals to gain access to a system, run
arbitrary code, gain access to confidential data or bypass security
systems. More information about the vulnerabilities and how to fix
them, can be found at: https://threats.kaspersky.com/en/


 

Most
common exploit

Exploit.JS.DirektShow:
in combination with Exploit.Win32.DirektShow, this malware family
exploits a critical vulnerability in Internet Explorer 6.0 and 7.0 and
has recently become extremely widespread on the Internet.

 

Most
widespread malware on the Internet

In just a month, Packed.Win32.TDSS.z tried to penetrate
computers in 108 countries around the world.
 

Worst
joke (hoax programs that scare or annoy users but don’t have a clearly
malicious payload)
Hoax.JS.Agent.c
displays an obscene video clip and bombards victims with offensive
messages which can’t be stopped. 

Malware Miscellany, September 2009

Your email address will not be published.

 

Reports

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox