Top Five E-Threats – January 2010

PDF   RSS

Autorun and JavaScript – January’s main vectors of infection

People’s constant need to interact makes them targets for all sorts of malicious software. This month’s top e-threats are to be found mostly on torrents, “warez” and other peer-to-peer platforms.

Trojan.Clicker.CM ranks first in January’s Top, with 8.30 percent of the total amount of infected computers and is mostly found on file sharing websites such as torrent portals, “warez” communities and other services hosting pirated content. The Trojan is in fact a small script forcing advertisements in your browser. While some of the advertisements are related to free online games, others may expose the computer user to hardcore pornography or other types of inappropriate content.

With a percentage of 8.17, the second e-threat on January’s Top is Trojan.AutorunInf.Gen, a generic mechanism to spread malware using removable devices such as flash drives, memory cards or external hard-disk drives. For instance, Win32.Worm.Downadup and Worm.Zimuse are two of the most famous families of malware to use this approach to infect other systems. So, great attention should be paid to the use of such external devices: they may be an easy solution when it comes to data transportation, but they might easily harm the computer if used carelessly. Libraries, copy shops and other public hotspots are usually the most notorious sources of infection.

Ranking third in this month’s e-threat report, Win32.Worm.Downadup.Gen is responsible for 6.18 percent of the global infections. Exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67), this worm spreads on other computers in the local network and restricts users’ access to Windows Update and security vendors’ web pages. Newer variants of the worm also install rogue antivirus applications, among others. The worm’s persistence after more than one year since its original appearance reveals that most users are reluctant to updating both the operating system and their locally-installed antimalware solution.

BitDefender’s fourth e-threat for January is Exploit.PDF-JS.Gen, with 5.76 percent of the total amount of infections. This generic detection deals with malformed PDF files exploiting different vulnerabilities found in Adobe PDF Reader's Javascript engine in order to execute malicious code on users’ computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download and automatic execution of malicious binaries from remote locations.

Ranking fifth with 4.30 percent of the global infections, Trojan.Wimad.Gen.1 is mostly found on Torrent websites disguised as an episode of your favorite series that has not been aired yet. These fake video files are able to connect to a specific URL and download malware posing as the appropriate codec required for playing the file. Trojan.Wimad.Gen.1 is particularly active when box-office titles are expected to appear on file-sharing websites.

BitDefender’s January 2010 Top 10 E-Threat list includes:

About BitDefender®
BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe - giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company’s security solutions press room. Additionally, BitDefender’s www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.