
Friday, February 29, 2008

Virus Information Report

Top 10 most prevalent global malware

1. TROJ_GENERIC
   Malware Type: Trojan
   This is the Trend Micro generic detection for low-threat Trojans. It also installs itself as a browser helper object (BHO) by creating certain registry keys.

2. WORM_NUWAR.CQ
   Malware Type: Worm
   This worm arrives as an attachment to mass-mailed email messages. It spreads by attaching a copy of itself to an email message, which it sends using its own Simple Mail Transfer Protocol (SMTP) engine. Having its own SMTP engine allows it to send messages without using any mailing application, such as MS Outlook.

3. WORM_NYXEM.E
   Malware Type: Worm
   This worm propagates by attaching copies of itself to email messages that it sends to target addresses, using its own SMTP engine. Through this SMTP engine, it can send the email message without using other mailing applications, such as Microsoft Outlook.

4. WORM_NETSKY.DAM
   Malware Type: Worm
   This is Trend Micro's detection for damaged samples of WORM_NETSKY variants. It runs on Windows 95, 98, ME, NT, 2000 and XP.

5. HTML_NETSKY.P
   Malware Type: HTML
   This HTML malware arrives as an email with an executable file attachment that is detected by Trend Micro as WORM_NETSKY.P. It exploits a known vulnerability in Internet Explorer versions 5.01 and 5.5 known as the Automatic Execution of Embedded MIME Type. This vulnerability causes Internet Explorer to automatically run executable file attachments in email messages.

6. TROJ_SMALL.EDW
   Malware Type: Trojan
   This Trojan arrives as a file dropped by other malware like WORM_NUWAR.CQ or as a file downloaded unknowingly by a user when visiting malicious URLs. It may also arrive as a copy downloaded by earlier variants. It is also spammed via email using subject lines related to specific events. The image below is a sample of the said email message.

7. WORM_RONTKBR.GEN
   Malware Type: Worm
   This is Trend Micro's detection for unknown and future variants of WORM_RONTOKBRO and WORM_BRONTOK malware programs. It serves as a proactive means of safeguarding against possible attacks of the aforementioned malware.

8. WORM_ANIG.A
   Malware Type: Worm
   This memory-resident worm propagates by dropping copies of itself in shared network drives. It steals login information and saves the obtained data in a file, which can be retrieved by a remote user. Its keylogger component substitutes the standard Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL) to carry out its information-stealing routine.

9. PE_PARITE.A
   Malware Type: Worm
   This file infector infects .EXE and .SCR files on an infected system and on remote network shares with read and write access. It makes use of port 30167 in order to access network shares. It stays in memory by injecting itself into EXPLORER.EXE, thus hiding its running process.

10. WORM_MOFEI.B
    Malware Type: Worm
    This destructive, memory-resident worm attempts to log on to remote machines using a list of user names. It then drops and executes a copy of itself on the remote machines. It has backdoor capabilities, and may execute commands coming from a remote malicious user. The said routine provides the remote user virtual control over the affected machine, thus compromising system security.
