VIRUS & SPYWARE ALERT
With respect to the specific examples of malware causing
most infections,
the spyware Virtumonde is in first place,
followed by NaviPromo and SaveNow.
The latter are examples of
adware designed to display adverts.
Position Name
1 Spyware/Virtumonde
2 Adware/NaviPromo
3 Adware/SaveNow
4 Adware/VideoAddon
5 Adware/Comet
6 Adware/IST
7 Adware/Gator
8 Application/Webmediaplayer
9 Application/Altnet
10 Adware/OneStep
This weeks report also includes information about two new
worms:
Evata.A and Nahkos.A
Evata.A is a worm that spread through IRC and makes several
copies of itself on the system.
It also drops a file on
computers which contains a game, called “Super Rumble cube”,
and as such, tries to convince users that it is legitimate
software.
This worm blocks the services of certain security solutions
and connects to remote IRC servers
from which it receives
commands to execute on the compromised computer.
Evata.A
also steals information about the computer (characteristics,
IP address, etc.).
Nahkos.A is a worm that creates several copies of itself on
the system.
It also copies itself to P2P folders under
names like Sex_Game.exe and Sex_ScreenSaver.scr
in order to
spread to other computers.
Additionally, it makes copies in
mapped drives and removable devices along
with a file called
autorun.inf to ensure that it is run when users connect to
the drive.
This worm takes other malicious action including creating
several Windows registry entries.
One of these ensures that
it is run every time a session is started.
Nahkos.A is also
programmed to run automatically every day at 11:30 and
20:30.
Compliments of my friend
Rich Morris
Owner/Administrator
www.trafficheroes.com
|
