Most Malware Employed Obfuscated Techniques in August 2007

ESET, a security firm located in Bratislava and the developer of anti-virus suite Nod32, said that a large amount of malware in the month of August 2007 used certain types of obfuscation techniques.

Threats that employed obfuscation methods to cover their malicious activities like polymorphism, runtime packing and injection of junk code were responsible for almost 8% of malware unearthed in August.

ThreatSense.Net by ESET, which records the detection figures by investigating the client computers all over the world, reported that Win32/Obfuscated, a classified name for all types of malicious codes that intentionally hide their true purpose, was on top of the list of the malware threats that ESET detected in the month of August in the year 2007.

Win32/Obfuscated comprises of software that has hostile, malicious or damaging intentions or behavior, which are used to compromise an individual PC or the entire networks.

The second position in the list was for Win32/Agent with 3.4% of the total malware threats. The malware has capabilities similar to a Trojan and has the ability to work as agents on an affected computer to link directly back to the central server or provide a backdoor onto the compromised PC. The launch of Win32/Agent results in its copying onto the %WINDIR%\System32 under some random name that runs every time the computer restarts the Windows program.

Another malware called Win32/TrojanDownloader.Ani.gen came down from the first place to the third in the month of August in 2007, while Win32/Agent.ARK occupied the fourth place accounting for 2.33% of all the detections. Win32/Agent.ARK aims to control an infected computer system in order to execute arbitrary commands and download more software in the system.

This malware makes a connection with a command and control the server apparently located in Singapore, said Paul Brook, ESET's Managing Director at UK, in a statement through a company press release. Sourcewire.com published the release in news on 13 September 2007. Such botnet enabling software often updates itself with additional functions, which is capable of bypassing filtration by signature-based anti-virus solutions, he added.

Software developing company called Secure Computing found in its recent research that three-quarters of malware or even more detected in August 2007 had Trojan features.

Related article: Most Malware Use File Packing To Escape Detection

» SPAMfighter News - 9/29/2007