February 2, 2009
Doctor Web presents the virus activity review for January 2009. The
first month of 2009 went rather smoothly except for the outbreak of
Win32.HLLW.Shadow.based. The month saw no mass mailings spreading
malicious code in attachments or directing users to bogus web sites.
However, fraudulent SMS schemes, fake anti-viruses, new Trojans turning
user machines into botnet zombies, and phishing attacks were
registered every now and then.
Win32.HLLW.Shadow.based (Net-Worm.Win32.Kido, W32.Downadup,
Worm:Win32/Conficker)
In January Doctor Web issued a warning about the outbreak of the
Win32.HLLW.Shadow.based polymorphic worm. This malicious program
showed once again that installing critical updates for Windows
and other software is a must for every user who wants to keep the
system secure. It is also recommended to disable autorun for
removable drives, as it is exploited by Win32.HLLW.Shadow.based as
well as by many other malicious programs. Strange as it may seem, the
epidemic may have a positive effect by teaching users to choose
stronger passwords, because the malicious program attempts to crack an
administrator password in order to spread over a local network.
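The autorun recommendation above can be checked on a Windows machine with a short PowerShell audit. This is an added example, not part of Doctor Web's review; it assumes the standard NoDriveTypeAutoRun policy value, in which a set bit disables AutoRun for that drive type.

```powershell
# Added example: audit the NoDriveTypeAutoRun policy value.
# A set bit DISABLES AutoRun for that drive type; 0xFF disables it for all.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunPolicy {
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    # HKLM takes precedence: when the value exists there, HKCU is ignored.
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$sub" -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Hive = $hive; Mask = [int]$item.NoDriveTypeAutoRun }
        }
    }
    return $null
}

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # Drive types whose bit is clear still have AutoRun enabled.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Warning 'NoDriveTypeAutoRun is not set; the Windows default applies.'
} else {
    $enabled = @(Get-AutoRunEnabledTypes -Mask $policy.Mask)
    '{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $policy.Hive, $policy.Mask
    if ($enabled -contains 'Removable') {
        Write-Warning 'AutoRun is still enabled for removable drives.'
    }
    if ($enabled.Count -gt 0) { "AutoRun enabled for: $($enabled -join ', ')" }
    else { 'AutoRun is disabled for every drive type.' }
}
```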
Doctor Web virus analysts added entries for new modifications of
Win32.HLLW.Shadow.based to the virus database throughout January.
If you suspect that your system is infected with the polymorphic
worm, install all critical updates for the version of Windows you
use, disconnect the machine from the network and use Dr.Web CureIt!
to scan your system. Computers running Dr.Web for Windows with
regularly updated virus databases are protected from attempts of
Win32.HLLW.Shadow.based to get into the system.
E-cards
Even though the e-card disguise for malware has been well known for
quite a while, it remains as efficient as ever. In December 2008 and
January 2009 numerous fake New Year and Christmas greeting
notifications landed in the mailboxes of millions of users. As January
drew to an end, web sites supposedly providing Valentine greetings
began to emerge. Trojan.Spambot is one of many malicious programs that
get onto user machines from such sites. Also known as Waledac, the
Trojan turns a compromised system into a zombie.
SMS-fraud
Criminals also attempted to get more money from the accounts of
mobile operators' subscribers. They used malware to encrypt data
stored on a victim's computer and demanded payment for its
decryption. They could also demand money for removal of a malicious
program installed as a browser plugin, or lure a user into downloading
and installing a program on the phone that would start sending paid
SMS. The malicious program is detected by Dr.Web as Java.SMSSend.19.
Fake anti-viruses
Fake anti-viruses also retained their popularity. Even if such a
program didn’t perform any malicious tasks in a compromised system, it
was still harmful, as fraudsters received money for a useless piece of
code. In January one of numerous web sites offered online scanning of
a system.
All machines that were checked for viruses by the “anti-virus” got
infected. Moreover, when scanning was completed, the victim was offered
another malicious program to download, detected by Dr.Web as
Trojan.Fakealert.3914.
Phishing
The number of phishing attacks was lower in January than in
previous months. The main targets of criminals last month were
customers of amazon.ca and PayPal.
Malicious programs in e-mail traffic in January
Period: 01.01.2009 00:00 - 01.02.2009 00:00

No.  Malicious program          Count (%)
 1   Win32.Virut                14723 (18.70%)
 2   Win32.HLLM.MyDoom.based    13479 (17.12%)
 3   Trojan.MulDrop.18280       6235 (7.92%)
 4   Trojan.MulDrop.13408       4594 (5.84%)
 5   Trojan.MulDrop.16727       4357 (5.53%)
 6   Win32.HLLM.Alaxala         4022 (5.11%)
 7   Win32.Sector.12            2686 (3.41%)
 8   Win32.HLLM.Beagle          2141 (2.72%)
 9   Win32.HLLM.Netsky.35328    1944 (2.47%)
10   Win32.HLLM.Netsky          1698 (2.16%)
11   Trojan.Click.22109         1570 (1.99%)
12   Win32.HLLM.Mailbot         1498 (1.90%)
13   Win32.HLLW.Shadow.3        1405 (1.78%)
14   Win32.HLLM.Perf            1353 (1.72%)
15   Trojan.MulDrop.19648       1252 (1.59%)
16   Win32.HLLM.MyDoom.33       1182 (1.50%)
17   Win32.Virut.5              968 (1.23%)
18   Win32.IRC.Bot.based        769 (0.98%)
19   W97M.Thus                  687 (0.87%)
20   BackDoor.Dosia.72          619 (0.79%)

Scanned:  321,156,519
Infected: 78,718 (0.02%)
Malicious programs on user machines in January
Period: 01.01.2009 00:00 - 01.02.2009 00:00

No.  Malicious program            Count (%)
 1   Win32.HLLW.Gavir.ini         2451656 (19.14%)
 2   DDoS.Kardraw                 2058062 (16.06%)
 3   Win32.HLLM.Generic.440       714503 (5.58%)
 4   VBS.Generic.548              453207 (3.54%)
 5   Win32.Virut.5                435746 (3.40%)
 6   Win32.Alman                  358676 (2.80%)
 7   Trojan.Recycle               349560 (2.73%)
 8   Trojan.Starter.881           303349 (2.37%)
 9   Win32.Sector.16              210250 (1.64%)
10   Win32.HLLW.Shadow.based      209118 (1.63%)
11   Win32.HLLM.Lovgate.2         188398 (1.47%)
12   Win32.HLLP.Neshta            174684 (1.36%)
13   Win32.HLLP.Jeefo.36352       169943 (1.33%)
14   Win32.HLLW.Autoruner.2536    159100 (1.24%)
15   VBS.PackFor                  138289 (1.08%)
16   Win32.Sector.12              128054 (1.00%)
17   Win32.HLLW.Autoruner.5555    127353 (0.99%)
18   Win32.Sector.5               123027 (0.96%)
19   Trojan.DownLoader.42350      119657 (0.93%)
20   Win32.HLLM.Perf              88711 (0.69%)

Scanned:  70,489,000,159
Infected: 12,811,152 (0.02%)
January virus activity review from Doctor Web
Author: News Robot, Feb 01 2009 03:00


