May’s top malware goes by the name of Trojan.AutorunInf.Gen and represents just over 13% of all global malware. It’s designed to use external hard drives, memory cards and flash drives to spread malware. And although Microsoft may have discarded its Windows Autorun feature from its latest operating systems and from Vista SP2, early versions are still vulnerable.

Next on the top malware list for May is the infamous Kido, or Conficker, which goes by the tag of Win32.Worm.Downadup. This nasty virus takes a bow for around 6% of global infections and attacks a Windows vulnerability. It spreads via local network computers and stops users trying to access Windows updates and security companies web pages. Latest versions of Windows has removed the vulnerability, but people using older operating systems should ensure that they have updated their operating systems and anti-virus applications.

In third place and close behind the Conficker on the top malware list is another Trojan which accounts for some 5% of all infections. It’s official name is Trojan.FakeAV.KUE and it’s based on JavaScript code. It creates anti-virus scams and the malware gets hosted either on sites that unknowingly carry the virus, or malicious sites. Once people download this type of malware, it triggers various fake alerts offering rogue antivirus software.

Coming fourth is the May top malware list is Win32.Sality.OG. It’s the only file infector virus in the top ten and it’s a device which appends its encrypted code to executable files (.exe and .scr binaries). It does this by deploying a rootkit which kills any antivirus applications on the computer. This means that it remains undetected and unable to carry out its malicious tasks.

In the fifth place is a new one to the top malware charts. It’s a Trojan and is responsible for a tad over 2% of infections. Called the Trojan.Swizzor.2, it acts as a pathfinder for a number of other pieces of malicious software.

BitDefender’s top malware chart for May includes:

1. Trojan.AutorunINF.Gen 13,24%
2. Win32.Worm.Downadup.Gen 5,84%
3. Trojan.FakeAV.KUE 5,11%
4. Win32.Sality.OG 2,68%
5. Gen:Variant.Swizzor.2 2,12%
6. Trojan.Autorun.AET 2,02%
7. Gen:Heur.Krypt.24 2,01%
8. Worm.Autorun.VHG 1,97%
9. Gen:Variant.Rimecud.2 1,91%
10. Exploit.PDF-JS.Gen 1,76%

One things is for sure, try to avoid any of the top malware for May.

Guest Article by Neil Camp

The warning that the Trojan Horse attack is being perpetuated by cyber criminals intent on exploiting Google’s increasing popular Chrome browser was posted in a BitDefender blog.

The blog, called Malware City, regularly updates people on virus trends and BitDefender, like most of the computer security companies, see it as their role to alert computer users worldwide to threats and trends.

The Trojan Horse attack is based on the virus posing as a Google Chrome extension. It has been circulated by invidious hackers who now see Chrome as a very viable target. The method of the Trojan Horse attack is via an email which falsely claims that Google has launched a new Chrome extension which helps the user to better organise documents received in emails.

BitDefender discovered that the link that this spurious email contained was back to a fake page posing as a genuine Google Chrome extension page. And this page contained a download which contained an executable file contained the malware, the Trojan Horse attack.

Once downloaded, the Trojan Horse actually blocks attempts by the user to access Google and Yahoo websites, sending them instead to other websites which are loaded with other malicious files and content.

BitDefender has identified this Trojan Horse attack. It’s called Trojan.Agent.20577 and it’s one most definitely to be avoided at all costs.

How to Protect Against Trojan Horse Attacks

Don’t get careless; even if you have the best antivirus software that is always up to date Trojans can still attack. To prevent getting attacked by a Trojan horse before you download a file and open it. Ensure you are confident you know the source and the content of the file. You can protect yourself from Trojans by only downloading files from websites you are certain are 100% genuine.

Trojan attacks can also come from friends, via email or instant messenger, as many Trojan attacks are designed to spread automatically. If the email looks suspicious with spammy content then do not click on the attachment. If in doubt you can always ask the recipient if the attachment is genuine. You can also use antivirus software to scan the file.
 

Guest Article by Neil Camp

iPhone owners are receiving emails that contain a link which leads to a download which claims will open and run a new version of an iPhone unlocking application. And this application, falsely claims the hackers, will undo the vendor instigated network restrictions.

Those unfortunate enough to get taken in and click the link, are sent to a web page which then tells them how to download the malware laden application. And BitDefender has named the Trojan within the application as Trojan.BAT.AACL.

Mihai Andrei Livadaru, a BitDefender virus researcher, said:
“After being urged to connect their iPhone to a PC, the victims are then instructed to download the application and run it on the iPhone. However, once installed the executable file causes a Trojan virus to be infected in the PC.”

The Trojan.BAT.AACL is malware code that arrives as a Windows batch file which sits alongside the unlocking application for the iPhone.

Once the Trojan is downloaded, it begins its insidious work to change the preferred DNS server address on the violated computer. This might involve several possible connections and the server address is changed to 188.210.[REMOVED].

Once this has taken place, the user’s computer is effectively in the hands of the hackers. And once the server address has been changed, it means that the creator of the malware programme can literally monitor the users’ attempts to reach the websites in question, and rather than allowing them to connect, redirect them to other websites. These other websites of course will facilitate the insertion of other malware code, or allow the perpetrator to steal vital bits of information including username and passwords.

So, as always, beware of emails promising gifts – they mostly deliver a whole lot more and none of it fun.

If you receive an email with a nasty Trojan such as the fake iPhone unblocker you do not need to worry if you have your computer sufficiently protected with antivirus software. If your computer does not have an antivirus program installed, then you will continue to experience difficulties and are placing yourself in financial danger. This is because the hackers who have infected your system are trying to get hold of your personal information which could lead them to gaining access to your online banking account.

Guest Article by Neil Camp

Known by the tag Trojan.Autoruninf.Gen, it accounted, says BitDefender, for 13% of total global malware in March. Trojan.Autoruninf.Gen is a mechanism of a generic nature which is designed to spread via removable drives. It exploits an established vulnerability when people swap files using physical devices such as memory sticks.

Number two in March was that old favourite the Conficker, or Kido as its otherwise known. Although at 6% of total global malware in March less than half the threat posed by Trojan.Autoruninf.Gen, it is still being a nuisance and hanging around. Its trick is to exploit a Microsoft Windows vulnerability and to get rid of it, users have to update their operating system and ensure that their anti virus software is up to date.

In third is another old favourite, one which gets hold of Adobe’s PDF Reader’s JavaScript engine and uses it to piggy back malicious code into a computer. It’s known as Exploit.PDF-JS.Gen and it’s a nasty piece of work which uses a very commonly used application.

But talking of nasties, in fourth is one that takes the biscuit. It’s a file infector known as Win32.Sality.OG. What’s makes this family of infectors so bad, is that it’s protected by a polymorphic code, which makes it extremely difficult to firstly detect and then remove. What’s more, the rootkit part of the virus does its best to disable antivirus applications on the computer its attacking. One to be avoided at all costs.

In at number five this is the Trojan.JS.Downloader.BIO. Inserted into legimate webpages via SQL injection methods and tactics, this is actually JavaScript. It only targets those websites built with ASP. Another characteristic of Trojan.JS.Downloader.BIO. is that is forms cookies from bits of information about a victim’s browsing habits which are then sent to a website based in China.

That’s the top five, but here’s the complete BitDefender run for March:

1. Trojan.AutorunINF.Gen 13,40
2. Win32.Worm.Downadup.Gen 6,19
3. Exploit.PDF-JS.Gen 5,30
4. Win32.Sality.OG 2,58
5. Trojan.JS.Downloader.BIO 2,13
6. Trojan.Autorun.AET 1,95
7. Gen:Heur.Krypt.21 1,921
8. Worm.Autorun.VHG 1,78
9. Exploit.PDF-Payload.Gen 1,67
10. Trojan.Wimad.Gen.1 1,42.

Guest Article by Neil Camp

This leading application, designed for Linux servers, came out with a Gold following the latest Virus Bulletin Anti-Spam Comparative Review. The review revealed there was only one false positive out of 2,400 legitimate emails.

The test involved using a SuSE Linux Enterprise Server 11 for a 11-day period. Emails were sent to a number of Virus Bulletin email addresses and were mixed with spam emails provided by Project Honey Pot. And the emails were also sent in multiple language and character sets, including English, French, Russian, Dutch, Norwegian and Asian languages.

The result was an impressive 97.84% of spam messages were caught during the test, giving a false positive rate of only 0.04%.

Catalin Cosoi, Senior Researcher at BitDefender, said:
“We are thrilled to receive another VBSpam Award for BitDefender Security for Mail Servers 3.0.2. This award represents our sixth consecutive honour from Virus Bulletin, and we are particularly happy with test results showing only a single false positive out of 2400 genuine emails.”

The company say the success of the BitDefender is based on a new technology based on live query. This originates from the cloud-computing paradigm, providing an immediate response time and protection to users all over the world, regardless of language or what type of spam they receive.

How Does BitDefender Antivirus Software work?

In practice, it works by first scanning an incoming email locally with proprietary, proactive antispam solutions. If the email passes the initial filtering sequence, but still cannot be categorised as spam, or a legitimate message, then a proprietary algorithm extracts key elements from the analysed mail. This then creates something similar to a unique encrypted fingerprint of that message. Finally, if the BitDefender network of servers finds a match in its databases of known spam fingerprints, it issues a block command to the client application.

This provides a very thorough technique of catching spam emails.

Guest Article by Neil Camp