Ten Most Prevalent Malware Threats Unveiled

In its report for Q2-2010, Cisco reveals that the most prevalent malware was Gumblar, which accounted for 5.4% of the total malicious programs during Q2-2010, against 11% during Q1-2010. A downloader, Gumblar plants an encrypted file on infected computers. It executes the encrypted file without the user's permission, inserting JavaScript into HTML web pages that a Web server returns or a Web browser displays.

Among the other top e-threats in Cisco's list, a fresh JS.Redirector sample, JS.Redirector.cq (5.3%), is at No.2. Like other members of its family, this Trojan employs malicious JavaScript to divert Web surfers.

At No.3 is PSW.Win32.Infostealer.bnkb, a keylogger accounting for 3% of all detections in Q2-2010. When active, it captures the user's keystrokes, seeking to intercept particular Web transactions and capture account numbers, usernames and passwords - information that ordinarily relates to online banking.

At No.4 was Mal/GIFIframe-A (2.4%), according to Cisco's report. This malware abuses <iframe> tags that have been inserted inside encoded files, with the encoding done in the well-known image formats JPG/GIF.

Next on Cisco's list is JS.Redirector.AT (2.2%), another member of the Trojan group notorious for diverting Web surfers onto unintended sites. Reportedly, these landing sites display porn, load malware, and phish for sensitive information.

At No.6 is Worm.Win32.VBNA.b (2.2%), which places itself inside the Documents and Settings directory of a user's computer, creating a new registry entry. VBNA then executes automatically and also spreads itself onto other computers through file sharing.

Backdoor.Win32.Alureon (2.1%) occupied the 7th spot.
Alureon reportedly represents a malware group whose members are vibrant, multi-featured Trojans designed to yield income through a victim's online transactions.

At No.8, representing 2.0% of all encounters, is JS.Redirector.BD, a JavaScript Trojan that diverts Web surfers onto other websites. Following it is Mal/Iframe-F (1.9%) at No.9, while Cisco lists Backdoor.TDSSConf.A (1.9%) as the tenth encounter. This last malware is a kernel-mode rootkit of the TDSS group of Trojans.

Finally, based on its study of the e-threats, Cisco recommended that users maintain anti-malware engines, phishing filters and up-to-date patches to keep any e-threat from infecting their computers.

SPAMfighter News - 8/17/2010