Peer-to-Peer used to spread malware: BitDefender Jan report

By siliconindia   |   Tuesday, 02 February 2010, 17:46 IST
Bangalore: BitDefender has announced January's top ten e-threats. Leading the way this month is Trojan.Clicker.CM with 8.30 percent of the total amount of infected computers. Trojan.Clicker.CM is mostly found on file sharing websites such as torrent portals, "warez" communities and other services hosting pirated content. This Trojan is a small script which forces advertisements in your browser. While some of the advertisements are related to free online games, others may expose the computer user to pornography or other types of inappropriate content.

At 8.17 percent, the second e-threat on January's Top Ten is Trojan.AutorunInf.Gen, a generic mechanism to spread malware using removable devices such as flash drives, memory cards or external hard-disk drives. "Two of the most famous families of malware, Win32.Worm.Downadup and Worm.Zimuse, also employ this approach to infect systems," said Catalin Cosoi, BitDefender's Senior Antispam Researcher. "While these removable devices might offer an easy solution when it comes to data transportation, they may also easily harm the computer if used carelessly. Libraries, copy shops, internet cafes and other public hotspots are usually the most notorious sources of infection," added Cosoi.

Ranking third in this month's report, Win32.Worm.Downadup.Gen is responsible for 6.18 percent of the global infections. Exploiting a Microsoft Windows vulnerability, this worm spreads to other computers on the local network and restricts users' access to Windows Update and security vendors' web pages. Newer variants of the worm also install rogue antivirus applications, among others. The worm's persistence more than one year after its original appearance reveals that most users are reluctant to update both the operating system and their locally-installed antimalware solution.

BitDefender's fourth e-threat for January is Exploit.PDF-JS.Gen, with 5.76 percent of the total amount of infections. This generic detection deals with malformed PDF files exploiting different vulnerabilities found in Adobe PDF Reader's JavaScript engine in order to execute malicious code on users' computers. Upon opening an infected PDF file, specially crafted JavaScript code triggers the download and automatic execution of malicious binaries from remote locations.

Ranking fifth with 4.30 percent of the global infections, Trojan.Wimad.Gen.1 is mostly found on Torrent websites disguised as an episode of your favorite television series or film that has not been aired yet. These fake video files are able to connect to a specific URL and download malware, posing as the appropriate codec required for playing the file. Trojan.Wimad.Gen.1 is particularly active when box-office titles are expected to appear on file-sharing websites.

BitDefender's full list of January 2010's Top Ten E-Threats includes:

Rank  E-threat                   Percent of infections
 1    Trojan.Clicker.CM           8.30
 2    Trojan.AutorunINF.Gen       8.17
 3    Win32.Worm.Downadup.Gen     6.18
 4    Exploit.PDF-JS.Gen          5.76
 5    Trojan.Wimad.Gen.1          4.30
 6    Win32.Sality.OG             2.73
 7    Trojan.Autorun.AET          2.01
 8    Worm.Autorun.VHG            1.69
 9    Trojan.Script.254568        1.40
10    Trojan.JS.QAF               1.40
      OTHERS                     58.01