Malware Authors Benefit From Updates Not Being Installed
G Data, which recently analyzed malicious software for May 2011, has found that cyber-criminals are actively following the trend of exploiting un-patched security flaws that affect Web-browsers, implying that they aren't just exploiting new vulnerabilities as the lone ones. Help Net Security published this on June 10, 2011.
Specifically, computations by the researchers at G Data show that developers of malicious software have been trying to concentrate on Java vulnerabilities starting 2010-end. Such malicious software is already most dominant in the malware scenario, while it has lately got rid of PDF vulnerabilities out of the Top Ten e-threats list.
Suggests Head of SecurityLabs, Ralf Benzmuller from G Data, despite the availability of a large number of upgraded software, end-users must be careful not to disable automatic update functionalities. This, along with being true for Java, must additionally be true for every browser plug-in utilized as well as for every software program loaded onto a computer. PRLog published this on June 9, 2011.
The security company meanwhile, in its list of ten most widespread malware items, names Worm.Autorun.VHG, Trojan.Wimad.Gen.1, Java.Trojan.Downloader.OpenConnection.AO, Trojan.AutorunINF.Gen, Java.Trojan.Downloader.OpenConnection.AI, Java.Trojan.Downloader.OpenConnection.AN, Gen:Variant.Adware.Hotbar.1, HTML:Downloader-AU [Expl], Trojan.FakeAlert.CJM and Java:Agent-DU [Expl] as the e-threats for May 2011.
Of these, Java.Trojan.Downloader.OpenConnection.AO is found inside Java applets that are skillfully manipulated for online sites. In case any end-user downloads the applet, he will find a URL that the applet factor generates, with the downloader utilizing it for installing and running a malevolent .exe file on the end-user's PC.
Another malware in the list, Trojan.Wimad.Gen.1 poses as a usual audio file with a .wma extension although to play it one must load a special decoder/codec to his Windows PC. However, once executed, this file lets any arbitrary malware to be loaded onto the affected PC.
Next, the Gen:Variant.Adware.Hotbar.1 is mostly loaded surreptitiously as belonging to non-chargeable application obtainable from programs like XviD, VLC and so on. Apparently, 'Hotbar' and 'Clickpotato' support the present application version.
Finally, Trojan.AutorunINF.Gen recognizes both unfamiliar and familiar malevolent autorun.inf files, which start automatically and are exploited in the form of malware dissemination systems through removable devices, USB sticks, DVDs and CDs.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 21-06-2011