Friday 3rd September 2010

Posts Tagged ‘BitDefender’

BitDefender’s Top Malware for May

Thursday, June 17th, 2010

Top malware in May, according to computer security company BitDefender, is an Autorun trojan.

May’s top malware goes by the name of Trojan.AutorunInf.Gen and represents just over 13% of all global malware. It is designed to use external hard drives, memory cards and flash drives to spread malware. Although Microsoft may have discarded the Windows Autorun feature from its latest operating systems and from Vista SP2, earlier versions are still vulnerable.

Next on the top malware list for May is the infamous Kido, or Conficker, which goes by the tag Win32.Worm.Downadup. This nasty virus accounts for around 6% of global infections and attacks a Windows vulnerability. It spreads via computers on the local network and stops users from reaching Windows Update and security companies’ web pages. The latest versions of Windows have removed the vulnerability, but people using older operating systems should ensure that they have updated their operating system and anti-virus applications.

In third place, close behind Conficker on the top malware list, is another Trojan, which accounts for some 5% of all infections. Its official name is Trojan.FakeAV.KUE and it is based on JavaScript code. It drives anti-virus scams: the malware is hosted either on sites that unknowingly carry it or on malicious sites, and once people download it, it triggers various fake alerts offering rogue antivirus software.

Coming fourth in the May top malware list is Win32.Sality.OG. It is the only file infector virus in the top ten, and it appends its encrypted code to executable files (.exe and .scr binaries). It also deploys a rootkit which kills any antivirus applications on the computer, so that it remains undetected and free to carry out its malicious tasks.

In fifth place is a newcomer to the top malware charts. It is a Trojan and is responsible for a tad over 2% of infections. Called Trojan.Swizzor.2, it acts as a pathfinder for a number of other pieces of malicious software.

BitDefender’s top malware chart for May includes:

  1. Trojan.AutorunINF.Gen 13.24%
  2. Win32.Worm.Downadup.Gen 5.84%
  3. Trojan.FakeAV.KUE 5.11%
  4. Win32.Sality.OG 2.68%
  5. Gen:Variant.Swizzor.2 2.12%
  6. Trojan.Autorun.AET 2.02%
  7. Gen:Heur.Krypt.24 2.01%
  8. Worm.Autorun.VHG 1.97%
  9. Gen:Variant.Rimecud.2 1.91%
  10. Exploit.PDF-JS.Gen 1.76%

One thing is for sure: try to avoid any of the top malware for May.

Guest Article by Neil Camp


Trojan Horse Attack on Google Chrome Extension

Thursday, May 13th, 2010

It has been reported that a Trojan Horse attack has been mounted on Google’s Chrome browser.

The warning that the Trojan Horse attack is being perpetrated by cyber criminals intent on exploiting Google’s increasingly popular Chrome browser was posted in a BitDefender blog.

The blog, called Malware City, regularly updates people on virus trends, and BitDefender, like most computer security companies, sees it as its role to alert computer users worldwide to threats and trends.

The Trojan Horse attack is based on the malware posing as a Google Chrome extension. It has been circulated by insidious hackers who now see Chrome as a very viable target. The attack is delivered via an email which falsely claims that Google has launched a new Chrome extension to help the user better organise documents received in emails.

BitDefender discovered that the link in this spurious email led to a fake page posing as a genuine Google Chrome extension page. This page offered a download: an executable file containing the malware behind the Trojan Horse attack.

Once downloaded and run, the Trojan Horse blocks attempts by the user to access the Google and Yahoo websites, sending them instead to other websites loaded with further malicious files and content.

BitDefender has identified this Trojan Horse attack. It’s called Trojan.Agent.20577 and it’s one most definitely to be avoided at all costs.

How to Protect Against Trojan Horse Attacks

Don’t get careless; even if you have the best antivirus software and it is always up to date, Trojans can still attack. To avoid a Trojan horse attack, before you download a file and open it, ensure you are confident you know the source and the content of the file. You can protect yourself from Trojans by only downloading files from websites you are certain are 100% genuine.

Trojan attacks can also come from friends, via email or instant messenger, as many Trojans are designed to spread automatically. If the email looks suspicious, with spammy content, do not click on the attachment. If in doubt you can always ask the sender whether the attachment is genuine. You can also use antivirus software to scan the file.

Guest Article by Neil Camp


Fake iPhone Download Delivers Trojan

Wednesday, April 28th, 2010

BitDefender, which claims to develop and market the industry’s most effective line of internationally certified software, has issued warnings that a particularly nasty Trojan is being downloaded by people in the mistaken belief that it is an application which will unlock their iPhone.

iPhone owners are receiving emails containing a link to a download which, it is claimed, will install and run a new version of an iPhone unlocking application. This application, the hackers falsely claim, will undo the vendor-imposed network restrictions.

Those unfortunate enough to be taken in and click the link are sent to a web page which tells them how to download the malware-laden application. BitDefender has named the Trojan within the application Trojan.BAT.AACL.

Mihai Andrei Livadaru, a BitDefender virus researcher, said:
“After being urged to connect their iPhone to a PC, the victims are then instructed to download the application and run it on the iPhone. However, once installed the executable file causes a Trojan virus to be infected in the PC.”

Trojan.BAT.AACL is malware code that arrives as a Windows batch file sitting alongside the unlocking application for the iPhone.

Once the Trojan is downloaded, it begins its insidious work of changing the preferred DNS server address on the compromised computer. This may affect several network connections, and the server address is changed to 188.210.[REMOVED].

Once this has taken place, the user’s computer is effectively in the hands of the hackers. With the DNS server address changed, the creator of the malware can monitor the user’s attempts to reach websites and, rather than allowing them to connect, redirect them to other websites. These other websites will of course facilitate the insertion of further malware, or allow the perpetrator to steal vital information, including usernames and passwords.
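As an added example (not from the article or from BitDefender), one way a defender can spot the change described above: parse the `DNS Servers` entries from `ipconfig /all` output and compare them with a list of resolvers you expect to see. The `ipconfig` excerpt, the adapter names and the expected-resolver list are all constructed for this example, and 203.0.113.53 is a documentation-range placeholder standing in for the redirected server, since the article redacts the real address.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed excerpt of `ipconfig /all` output (not captured from a real
# machine). One adapter's primary DNS server has been changed to an address
# outside the local network; 203.0.113.0/24 is a documentation range used
# here as a placeholder for the attacker-controlled resolver.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : HOME-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

# Placeholder: the resolvers you expect (router, ISP or corporate DNS).
EXPECTED_RESOLVERS: Set[str] = {"192.168.1.1"}


def parse_dns_servers(ipconfig_text: str) -> Dict[str, List[str]]:
    """Map each adapter name to its configured DNS servers, in order.

    ipconfig prints the first server on the 'DNS Servers' line and any
    further servers on following lines that contain only an address.
    """
    adapters: Dict[str, List[str]] = {}
    current = None
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        stripped = line.rstrip()
        # Adapter headers are unindented and end with a colon.
        if stripped and not stripped[0].isspace() and stripped.endswith(":"):
            current = stripped[:-1]
            adapters[current] = []
            in_dns_block = False
            continue
        match = re.match(r"\s+DNS Servers[ .]*: (\S+)", line)
        if match and current is not None:
            adapters[current].append(match.group(1))
            in_dns_block = True
            continue
        # Continuation lines: deep indent, a single token, no field name.
        cont = re.match(r"\s{20,}(\S+)\s*$", line)
        if in_dns_block and cont and current is not None:
            adapters[current].append(cont.group(1))
            continue
        in_dns_block = False
    return adapters


def unexpected_resolvers(ipconfig_text: str, expected: Set[str]) -> Dict[str, List[str]]:
    """Return adapter -> DNS servers that are not on the expected list."""
    flagged: Dict[str, List[str]] = {}
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        bad = []
        for server in servers:
            try:
                addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone index
            except ValueError:
                continue  # not an address; ignore the token
            if str(addr) not in expected:
                bad.append(str(addr))
        if bad:
            flagged[adapter] = bad
    return flagged


if __name__ == "__main__":
    for adapter, servers in unexpected_resolvers(SAMPLE_IPCONFIG, EXPECTED_RESOLVERS).items():
        print(f"{adapter}: unexpected DNS server(s) {', '.join(servers)}")
```

Run against the constructed output, the check reports only the wireless adapter, whose first resolver is the out-of-network placeholder; the home router listed as its secondary resolver is on the expected list and is not flagged. On a real machine the text would come from `ipconfig /all`, and the expected set would be whatever the router or domain hands out.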

So, as always, beware of emails promising gifts – they mostly deliver a whole lot more and none of it fun.

If you receive an email carrying a nasty Trojan such as the fake iPhone unlocker, you do not need to worry provided your computer is sufficiently protected with antivirus software. If your computer does not have an antivirus program installed, then you will continue to experience difficulties and are placing yourself in financial danger, because the hackers who have infected your system are trying to get hold of personal information which could give them access to your online banking account.

Guest Article by Neil Camp


BitDefender’s March e-Threat Report

Tuesday, April 13th, 2010

The latest threat report from BitDefender shows that top of the nasty parade for March was a USB Trojan.

Known by the tag Trojan.Autoruninf.Gen, it accounted, says BitDefender, for 13% of total global malware in March. Trojan.Autoruninf.Gen is a generic detection for a mechanism designed to spread via removable drives; it exploits a long-standing weakness that comes into play when people swap files using physical devices such as memory sticks.

Number two in March was that old favourite Conficker, or Kido as it’s otherwise known. Although, at 6% of total global malware in March, it posed less than half the threat of Trojan.Autoruninf.Gen, it is still hanging around and being a nuisance. Its trick is to exploit a Microsoft Windows vulnerability; to get rid of it, users have to update their operating system and ensure that their anti-virus software is up to date.

In third place is another old favourite, one which exploits the JavaScript engine of Adobe’s PDF Reader to piggyback malicious code onto a computer. It’s known as Exploit.PDF-JS.Gen, and it’s a nasty piece of work which abuses a very widely used application.

But talking of nasties, in fourth place is one that takes the biscuit. It’s a file infector known as Win32.Sality.OG. What makes this family of infectors so bad is that it’s protected by polymorphic code, which makes it extremely difficult first to detect and then to remove. What’s more, the rootkit part of the virus does its best to disable antivirus applications on the computer it’s attacking. One to be avoided at all costs.

In at number five is Trojan.JS.Downloader.BIO. Inserted into legitimate web pages via SQL injection, this is actually JavaScript, and it only targets websites built with ASP. Another characteristic of Trojan.JS.Downloader.BIO is that it forms cookies from bits of information about a victim’s browsing habits, which are then sent to a website based in China.

That’s the top five, but here’s the complete BitDefender run for March:

  1. Trojan.AutorunINF.Gen 13.40%
  2. Win32.Worm.Downadup.Gen 6.19%
  3. Exploit.PDF-JS.Gen 5.30%
  4. Win32.Sality.OG 2.58%
  5. Trojan.JS.Downloader.BIO 2.13%
  6. Trojan.Autorun.AET 1.95%
  7. Gen:Heur.Krypt.21 1.921%
  8. Worm.Autorun.VHG 1.78%
  9. Exploit.PDF-Payload.Gen 1.67%
  10. Trojan.Wimad.Gen.1 1.42%

Guest Article by Neil Camp


BitDefender Picks Up Sixth Consecutive VBSpam Award

Tuesday, March 30th, 2010

BitDefender, which provides anti-malware security solutions, has won its sixth consecutive VBSpam Award for its BitDefender Security for Mail Servers 3.0.2.

This leading application, designed for Linux servers, was awarded a Gold in the latest Virus Bulletin Anti-Spam Comparative Review. The review revealed only one false positive out of 2,400 legitimate emails.

The test involved running SuSE Linux Enterprise Server 11 for an 11-day period. Emails were sent to a number of Virus Bulletin email addresses and were mixed with spam emails provided by Project Honey Pot. The emails were also sent in multiple languages and character sets, including English, French, Russian, Dutch, Norwegian and Asian languages.

The result was impressive: 97.84% of spam messages were caught during the test, with a false positive rate of only 0.04%.

Catalin Cosoi, Senior Researcher at BitDefender, said:
“We are thrilled to receive another VBSpam Award for BitDefender Security for Mail Servers 3.0.2. This award represents our sixth consecutive honour from Virus Bulletin, and we are particularly happy with test results showing only a single false positive out of 2400 genuine emails.”

The company says the success of BitDefender is based on a new live-query technology. This originates from the cloud-computing paradigm, providing an immediate response and protection to users all over the world, regardless of language or the type of spam they receive.

How Does BitDefender Antivirus Software Work?

In practice, it works by first scanning an incoming email locally with proprietary, proactive antispam solutions. If the email passes the initial filtering sequence but still cannot be categorised as either spam or a legitimate message, a proprietary algorithm extracts key elements from the analysed mail. This creates something similar to a unique encrypted fingerprint of that message. Finally, if the BitDefender network of servers finds a match in its databases of known spam fingerprints, it issues a block command to the client application.

This provides a very thorough technique of catching spam emails.
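As an added illustration of the fingerprint-and-lookup step described above (example code written for this page, not BitDefender’s own algorithm, which is proprietary): the hypothetical `key_elements` function keeps only the link hostnames and a normalised form of the message text, `fingerprint` hashes them with SHA-256, and `verdict` looks the result up in a constructed set of known-spam fingerprints standing in for the server-side database. The sample messages and the normalisation rules are assumptions; the point they demonstrate is that a variant of a known spam with different tracking numbers, casing and spacing still matches, whereas a hash of the raw text would not.

```python
import hashlib
import re
from typing import Set, Tuple

# Matches a URL; group 1 is the hostname, the whole match is the URL.
URL_RE = re.compile(r"https?://([^\s/]+)\S*", re.I)


def key_elements(message: str) -> Tuple[Tuple[str, ...], str]:
    """Reduce a message to the parts spammers rarely vary between copies.

    Assumed scheme (not the vendor's): the set of link hostnames, plus the
    text with URLs, digits, punctuation and repeated whitespace removed, so
    that randomised order numbers, amounts and spacing no longer matter.
    """
    hosts = tuple(sorted({h.lower() for h in URL_RE.findall(message)}))
    text = URL_RE.sub(" ", message).lower()
    text = re.sub(r"[0-9]+", " ", text)      # randomised ids and amounts
    text = re.sub(r"[^a-z\s]", " ", text)    # punctuation noise ("!!!" vs "!")
    return hosts, " ".join(text.split())


def fingerprint(message: str) -> str:
    """Hash of the key elements: identical for trivially mutated copies."""
    hosts, text = key_elements(message)
    material = "|".join(hosts) + "\n" + text
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def exact_hash(message: str) -> str:
    """Hash of the raw text, for comparison: any one-byte change defeats it."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


# Constructed sample messages (not real spam).
KNOWN_SPAM = ("Congratulations! You won prize #48213. Claim $500 now at "
              "http://prizes.example/claim?id=48213 before it expires!!!")
SPAM_VARIANT = ("CONGRATULATIONS!!  You   won prize #90117. Claim $750 now at "
                "http://PRIZES.example/claim?id=90117 before it expires")
LEGIT_MAIL = "Hi, the meeting moved to 3pm. Notes at http://intranet.example/notes"

# Stand-in for the server-side database of known spam fingerprints.
KNOWN_SPAM_FINGERPRINTS: Set[str] = {fingerprint(KNOWN_SPAM)}


def verdict(message: str, db: Set[str] = KNOWN_SPAM_FINGERPRINTS) -> str:
    """'block' when the message matches a known spam fingerprint, else 'deliver'."""
    return "block" if fingerprint(message) in db else "deliver"


if __name__ == "__main__":
    for name, msg in [("variant", SPAM_VARIANT), ("legit", LEGIT_MAIL)]:
        print(f"{name}: {verdict(msg)} ({fingerprint(msg)[:16]}...)")
```

Only the short fingerprint needs to travel to the lookup service, not the message itself, which is what makes a cloud-side database of this kind workable: the client sends a hash, the server answers match or no match.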

Guest Article by Neil Camp


Barclays Customers Targeted by Phishing Scam

Saturday, March 27th, 2010

Computer security company BitDefender says Barclays’ customers have been the target of a new phishing attack.

It reported that the phishing attack involved a trick email which tried to lure Barclays customers to a false Barclays website. The email stated that Barclays had been acquired by another company as a result of the lending crisis.

To increase the sense of urgency and the need to take swift action, the email used the words, “We temporarily suspend access to your user…”, plus the old chestnut, “…in order to avoid further action…”, hinting that failure to do as the email said would mean a cessation of banking services.

The message contained a link which directed readers to the false website. Once on the false website – made to look like an official Barclays web space – the bank’s customers were asked not only for their very sensitive five-digit passcode, but also for their memorable word. This detail is valuable to attackers as it’s used as a password recovery hint for online bank accounts.

Nick Billington, BitDefender UK managing director, warned people to be on the watch for such blatant attacks. He said:
“Banks do not send out this type of message, under any circumstances. Users should approach any unsolicited message seeking personal data with extreme scepticism. If in doubt simply delete the email.

“But the most important thing to remember is not to click links in emails which require logins. It is good practice to always type website addresses in manually.”

How to Protect Yourself from Phishing Scams

To help people avoid being taken for a ride by such scams, BitDefender reminds everyone of some common sense rules.

Firstly, use an anti-phishing filter, as well as the other security applications provided by your security suite, before you browse to your online bank account. Secondly, ensure that your bank’s site uses SSL encryption (Secure Sockets Layer) and security authentication methods – look for the “https” prefix and the locked padlock.

Thirdly, avoid using a non-secured computer: don’t use any computer but your own, and that should have good computer security applications running in the background. Fourthly, along the same lines, never use public computers to check your bank details.

And fifthly, if you are using your own laptop, say on the road, do not use wireless connections unless they can be secured and encrypted. Wireless signals can be ‘captured’ and sensitive information hijacked; this is what’s known in the jargon as a drive-by attack.

So, online banking is convenient and a useful tool, but always be aware that access to your account is what the cyber-criminals are after.

Guest Article by Neil Camp


BitDefender’s Malware Hit Parade

Thursday, March 4th, 2010

Taking top spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, produces a monthly e-threat report in which it lists the latest malware baddies.

Top throughout February was Trojan.AutorunInf.Gen, which is what’s known as a generic mechanism: it uses removable devices – including external hard disks, memory cards and flash drives – to spread malware between machines.

Removable devices are the theme of BitDefender’s February e-threat report, and the company warns against the ease with which these handy aids can be compromised. Indeed, says BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”
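A check in the spirit of that advice, added here as example code (not BitDefender’s, and not from the article): a small Python inspector for the autorun.inf file found at the root of a removable drive. The hypothetical `inspect_autorun` function flags the directives Windows honours on insertion (open=, shellexecute=, shell\<verb>\command=), double extensions in their targets, and action= text imitating the stock ‘Open folder to view files’ prompt. Both sample files are constructed for this example. It covers the Autorun passages in the May and March reports above as well as this one.

```python
import configparser
import re
from typing import List

# [autorun] keys that run a program as soon as the drive is inserted.
LAUNCH_KEYS = ("open", "shellexecute")
# A document extension followed by another extension, e.g. holiday.jpg.exe.
DOUBLE_EXT = re.compile(r"\.(jpe?g|png|gif|txt|doc|pdf)\.\w{2,4}$", re.I)


def inspect_autorun(text: str) -> List[str]:
    """Return findings for the contents of an autorun.inf; [] means clean.

    Looks for directives that launch code automatically (open=, shellexecute=,
    shell\\<verb>\\command=), for disguised double extensions in those
    targets, and for action= text that imitates the Windows 'Open folder'
    prompt so the user picks the malicious entry out of habit.
    """
    parser = configparser.RawConfigParser(strict=False, allow_no_value=True,
                                          delimiters=("=",))
    parser.read_string(text)
    findings: List[str] = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys are lower-cased by configparser
            value = (value or "").strip()
            launches = key in LAUNCH_KEYS or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches:
                findings.append(f"{key}= runs '{value}'")
                if DOUBLE_EXT.search(value):
                    findings.append(f"'{value}' hides an executable behind a double extension")
            elif key == "action" and "open folder" in value.lower():
                findings.append(f"action= text '{value}' imitates the Windows 'Open folder' prompt")
    return findings


# Constructed samples, not real files: a typical installer autorun.inf and
# one carrying the auto-launch directives described in the article.
BENIGN_AUTORUN = r"""[autorun]
icon=setup.exe,0
label=Product Installer
"""

SUSPICIOUS_AUTORUN = r"""[AutoRun]
open=hidden\holiday.jpg.exe
shellexecute=hidden\holiday.jpg.exe
action=Open folder to view files
icon=%SystemRoot%\system32\shell32.dll,4
"""


if __name__ == "__main__":
    for name, body in [("benign", BENIGN_AUTORUN), ("suspicious", SUSPICIOUS_AUTORUN)]:
        print(name, inspect_autorun(body) or ["no auto-launch directives"])
```

An icon= or label= entry on its own is normal for installer media and is not reported; the inspector only speaks up when the file asks Windows to run something. It reads the text of autorun.inf and nothing else, so it can be run safely over a file copied from a suspect drive.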

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Coming third and fourth in the list are two exploits which gain access to a computer via manipulated PDF files and various vulnerabilities in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is executed from the ‘dirty’ machine.

The complete list is made up of:

  1. Trojan.AutorunINF.Gen 9.09%
  2. Win32.Worm.Downadup.Gen 6.24%
  3. Exploit.PDF-JS.Gen 5.13%
  4. Exploit.PDF-Payload.Gen 4.21%
  5. Trojan.Wimad.Gen.1 3.37%
  6. Win32.Sality.OG 2.77%
  7. Trojan.Autorun.AET 1.92%
  8. Worm.Autorun.VHG 1.85%
  9. Exploit.Comele.A 1.48%
  10. Trojan.SWF.HeapSpray.B 1.40%

BitDefender was particularly keen to highlight the insidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in downloads of favourite television series and movies.

Guest Article by Neil Camp


BitDefender’s Top Tips for Safe Festive Online Shopping

Monday, November 30th, 2009

BitDefender, the creator of one of the industry’s fastest and most effective lines of internationally certified security software, has released some top tips for festive shoppers to follow when shopping online.

Says BitDefender’s senior Antispam researcher Catalin Cosoi:
“Taking advantage of the many benefits of online shopping like competitive pricing, great selection, or even freebies like zero shipping fees and free gift wrapping, doesn’t have to cost consumers more than they’ve bargained for.

“By being aware of a few key issues, consumers can shop safely with the knowledge they need to protect their personal information and their PC.”

The first top tip is to know where you’re shopping and to read the small print. BitDefender is keen to remind people that not every website is legitimate, with some cybercriminals creating virtual copies of well-known branded sites, or creating their own very convincing merchant sites. In short, only buy from genuine high-street or online retailers.

The second top tip is to beware of online merchants who want more than your name and email address in order to cash in a coupon. Remember that a legitimate site will not ask for more than is necessary to redeem the coupon. Many illegal and bogus sites target online shoppers with promotions designed to entice them into entering personal information in order to receive coupons or other merchandise. This information is then used elsewhere, mainly to build clone identities.

Third, and anyone who ignores this point does so at their peril: never use a PC to shop unless it has an up-to-date and properly working security suite on board. Surf or email without such a security suite and it’s only a matter of time before you become infected.

Fourth, stick to the sites you know and trust, or have used successfully before. If unsure about a site, have a look in the chat rooms and forums, and see if there are any rumours, or gossip.

Fifth – remember the old adage that there is no such thing as a free lunch. You must be very wary of special offers, or unbelievable deals. They can often end with your computer being infected.

Sixth tip; use credit cards where possible, as they offer more protection than debit cards, and even better, see if you can pay cash on delivery.

Finally, look out for the https connection to a website. It’s not a guarantee of safety, but most of the sites thus connected are safe.

Guest Article by Neil Camp 


BitDefender’s 2010 Line-Up and Windows 7 Certification

Tuesday, October 27th, 2009

Along with Symantec and McAfee, and a whole host of other computer security companies, BitDefender has announced a new line-up of products compatible with Microsoft’s new operating system, Windows 7.

BitDefender’s products – including Total Security, Internet Security and Antivirus – have all received certification confirming that they work with Microsoft Windows 7. The company claims they provide customers with enhanced security, as well as innovative user interface features and reliability improvements.

The 2010 BitDefender line-up includes a number of new features:

  • optimised scanning improvements
  • active Virus Control
  • first-ever usage profiles
  • key system enhancements, which are aimed at providing industry-leading proactive protection against all internet security threats without slowing PC performance.

Ross Brown, Vice President of ISV and Solutions Partners for the Worldwide Partner Group at Microsoft, said:
“Our ISV community is alive with innovation, and we’re committed to helping our partners drive the next generation of software experiences. Adding compatibility for the latest Microsoft operating systems helps ISVs to stay ahead of the competition and give their customers access to cutting-edge technologies.”

Vince Hwang, BitDefender Global Director, Product Management, said:
“Working together with Microsoft to achieve this certification allows BitDefender to meet the changing needs of our customers and provide the very best in security solutions to our users. These include intuitive user interfaces with usage profiles that cover anyone from gamers to parents, as well as improved security and reliability features including Active Virus Control, an innovative technology that monitors programs running on a user’s computer and detects malware-like actions as they execute.”

BitDefender claims to be the creator of one of the industry’s fastest and most effective lines of internationally certified security software.

The company’s BitDefender Antivirus 2010 product has also just received AV-Comparatives’ top certification level for its performance. In all, some 16 antivirus products were tested by AV-Comparatives in August, to find out which software had the highest detection rates and lowest false positives.

Viorel Canja, BitDefender’s head of antimalware lab, said:
“We are particularly pleased with this achievement as it is further proof that BitDefender provides the highest level of protection. The test shows that on this occasion we have outperformed our rivals in terms of false positive ratings with the lowest number of occurrences.”

Guest Article by Neil Camp


Trojans March On

Friday, October 9th, 2009

Trojans dominated the top ten e-threats for September, according to a top security software company.

BitDefender, creator of one of the industry’s fastest and most effective lines of internationally certified security software, produces a table of the malware that represents the biggest threat on a month-to-month basis.

In the number one spot for September is Trojan.Clicker.CM. The reason for this, BitDefender ponders, may be Trojan.Clicker’s popularity as a weapon of choice amongst purveyors of “warez”, a term used by malware developers to describe compromised software.

In second place is Trojan.AutorunINF.Gen and this is a generic detection for Trojans that use Autorun. Number three spot in this line-up of nasties goes to the Trojan.Wimad.Gen.1.

The infamous Conficker is never far away from any malware list and in this particular chart it occupies the fourth slot. BitDefender labels Conficker, in all its various guises, as Win32.Worm.Downadup.Gen.

At number five, and gaining popularity again, is an exploit which uses a vulnerability in the way some versions of the Adobe PDF reader parse embedded JavaScript. Exploit.PDF-JS.Gen is one to be careful of.

Trojan.Exploit.JS.Y slots into the number six position. It’s a malicious piece of JavaScript, usually found on compromised or malicious websites.

In the number seven spot, down from number five, and a long-time star of BitDefender’s Top 10 E-Threat list is Win32.Sality.OG. It’s an encrypted, polymorphic file infector and appears set for a very long cybercrime “career”.

In the eighth and ninth slots are two threats which use the Autorun security loophole found in older versions of Windows. BitDefender points out that the less widespread of the two is actually a downloader component used to spread the ever-present Conficker, or Kido, worm (aka Downadup).

Bringing up the rear in tenth is Trojan.Skintrim.HTML.A, a type of HTML page usually found associated with adware programs such as Navipromo.

BitDefender’s September 2009 Top 10 E-Threat list is made up of:

  1. Trojan.Clicker.CM 10.98%
  2. Trojan.AutorunINF.Gen 9.58%
  3. Trojan.Wimad.Gen.1 5.52%
  4. Win32.Worm.Downadup.Gen 4.68%
  5. Exploit.PDF-JS.Gen 4.09%
  6. Trojan.Exploit.JS.Y 3.44%
  7. Win32.Sality.OG 2.75%
  8. Trojan.Autorun.AET 2.27%
  9. Worm.Autorun.VHG 1.78%
  10. Trojan.Skintrim.HTML.A 1.49%
  11. Others 53.41%

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I’m the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited. You can connect with me or keep up to date with new posts on this blog via the following social media sites:

Facebook LinkedIn Plaxo Twitter StumbleUpon Plurk FriendFeed Digg Technorati Delicious


© BUYability