Saturday 13th March 2010

Posts Tagged ‘malware’

BitDefender’s Malware Hit Parade

Thursday, March 4th, 2010

Taking top spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, produces a monthly e-threat report in which it lists the latest malware baddies.

And top throughout February was the Trojan.AutorunInf.Gen which is what’s known as a generic mechanism which uses removable devices – including external hard-disks, memory cards and flash drives – to spread malware between devices.

Removable devices are the theme of BitDefender’s February e-report and they warn against the ease with which these handy aids can be compromised. Indeed, say BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Coming third and fourth in the list are exploits that gain access to a computer via manipulated PDF files and various vulnerabilities found in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is then executed from the ‘dirty’ machine.

The complete list is made up of:

  1. Trojan.AutorunINF.Gen 9.09
  2. Win32.Worm.Downadup.Gen 6.24
  3. Exploit.PDF-JS.Gen 5.13
  4. Exploit.PDF-Payload.Gen 4.21
  5. Trojan.Wimad.Gen.1 3.37
  6. Win32.Sality.OG 2.77
  7. Trojan.Autorun.AET 1.92
  8. Worm.Autorun.VHG 1.85
  9. Exploit.Comele.A 1.48
  10. Trojan.SWF.HeapSpray.B 1.40

BitDefender was particularly keen to highlight the invidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in favourite downloadable television series and movies.

Guest Article by Neil Camp


Things worse say McAfee

Monday, November 30th, 2009

Computer security giant McAfee says that things have got worse in the last quarter with spam, malware and web-based threat creation reaching record levels.

McAfee’s latest Third Quarter Threats Report, which covers July to September 2009, also revealed that the number of new file-sharing sites which host unauthorised, copyrighted content increased dramatically. What’s more, another trend on the increase is the number of cybercriminals who are extorting website owners with threats of denial-of-service attacks.

There was a 300% rise in the creation of file-sharing sites following the brief shutdown of the Swedish-based Pirate Bay operation. Pirate Bay was a torrent site, one that can host links to copyrighted material, and was very controversial in the authorised spread of content. And with this huge rise in the number of similar sites, cybercriminals are presented with the ideal opportunity to exploit the way certain sites share content. Malware writers are skilled at creating sites to trick users looking to download copyrighted material into downloading malicious programs.

And McAfee warns that the number of these malicious sites could dramatically increase during the fall and holiday blockbuster film seasons.

File-sharing site problems to one side, McAfee reported that spam and malware levels have reached a record high, with threats surpassing previous levels in the last quarter. And rather gruesomely, web-based attacks have also increased as cybercriminals take advantage of celebrity deaths and natural disasters. At such times, website activity and email traffic dramatically increase, and malware authors are quick to take advantage of such news stories and chat to hide their malicious intentions.

McAfee now reckon that of all email traffic, some 92% is spam. In other words, a tiny 8% is legitimate email traffic.

The increasing web-based attacks – which target people who visit a malicious Web page, and are delivered to users through spam, phishing, social networks and even through redirects from hijacked legitimate websites – are fast becoming the most dangerous weapon wielded by a cybercriminal.

And McAfee estimates that 55% of all malicious URLs are hosted in the US. What’s more, cybercriminals are getting increasingly effective at utilising SEO techniques to drive traffic to the bad sites.

Denial of Service attacks are a particularly odious tactic employed by cybercriminals and McAfee has seen many more attacks in the latest quarter, with some involving significant ransom demands.

Cybercriminals are offering for sale, to the highest bidder, botnets which are made up of thousands of zombie computers to attack sites. The botnets are used to knock out even some of the most-protected sites. And when offering such sophisticated botnets, the cybercriminals will often demonstrate their capability to prospective buyers with ‘live’ demonstrations, bringing down targeted websites for a few minutes.

Just recently, four Australian sports betting companies were targeted by cybercriminals and their sites taken down during key sports events, which resulted in the loss of millions of dollars of revenue.

Guest Article by Neil Camp


Virus Protection In 1999

Friday, October 9th, 2009

IT security specialist Avira has looked back over ten years and surveyed the role of computer virus protection in 1999, the year when such attacks began to rise sharply.

Having surveyed 5,543 international web surfers to find out how they dealt with the issue of IT security ten years ago, it discovered that only one third had protection installed.

Indeed, the majority of those surveyed – 32% (1,780 users) – didn’t actually own a PC back then. Some 22% of PC owners (1,228 users) had at least basic no-frills protection against viruses on their machines and a further 19% (1,050 users) took a more serious view of the problem and never allowed their computers to operate without the protection of a good antivirus program.

More data showed that 12% (653 users) had absolutely no protection on their computer at the time. And as Avira points out, in 1999 malware was not designed to remain undetected for long periods, but instead laid computers low in a matter of minutes. This meant that attacks didn’t go unnoticed for long and according to the survey, 11% (602 users) learned from such an attack, and got protection after the first incident, maintaining it ever since.

Somewhat worrying, though, not only for the computer security companies but also for worldwide computer users, is the fact that 4% (230 users) still take a devil-may-care attitude and fail to see the need to protect their PCs against damage. Indeed, this, some would say, reckless group has managed without virus scanners until now. However, as Avira highlights, today’s malware works so well ‘under cover’ that infected computers often go undiagnosed without the help of virus protection.

This means that many computer users, determined not to use computer security software, might think that their computer is ‘clean’, whereas in reality it could be infected with all manner of bugs and nasties, with the viruses biding their time to attack.

Avira, based in Germany, is a leading global provider of IT security solutions for professional and private use. It boasts domestic and international customers which include well-known companies listed on global stock exchanges, educational establishments and government authorities. And as well as protecting the virtual environment, Avira promotes the Auerbach Foundation for greater protection and security in the real world.

Guest Article by Neil Camp


Trojans March On

Friday, October 9th, 2009

Trojans dominated the top ten e–threats for September according to a top security software company.

BitDefender, creator of one of the industry’s fastest and most effective lines of internationally certified security software, produce a table of malware that represents the biggest threat on a month to month basis.

And in number one spot for September is the Trojan.Clicker.CM. The reason for this, ponder BitDefender, may be due to Trojan.Clicker’s popularity as a weapon of choice amongst purveyors of "warez." This is a term used by malware developers to describe compromised software.

In second place is Trojan.AutorunINF.Gen and this is a generic detection for Trojans that use Autorun. Number three spot in this line-up of nasties goes to the Trojan.Wimad.Gen.1.

The infamous Conficker is never far away from any malware list and in this particular chart it occupies the fourth slot. BitDefender labels Conficker, in all its various guises, as Win32.Worm.Downadup.Gen.

At number five is an exploit, gaining popularity again, which uses a vulnerability in the way some versions of the Adobe PDF reader parse embedded JavaScript. Exploit.PDF-JS.Gen is one to be careful of.

Trojan.Exploit.JS.Y slots into the number six position. It’s a malicious piece of JavaScript, usually found on compromised or malicious websites.

In the number seven spot, down from number five, and a long-time star of BitDefender’s Top 10 E-Threat list, is Win32.Sality.OG. It’s an encrypted, polymorphic file infector and appears set for a very long cybercrime "career".

In the eighth and ninth slots are two threats which use the Autorun security loophole found in older versions of Windows. BitDefender point out that the lower-spreading of the two threats is actually a downloader component used to spread the ever-present Conficker, or Kido worm (aka Downadup).

Bringing up the rear in tenth is Trojan.Skintrim.HTML.A, a type of HTML page usually found associated with adware programs such as Navipromo.

BitDefender’s September 2009 Top 10 E-Threat list is made up of:

  1. Trojan.Clicker.CM 10.98%
  2. Trojan.AutorunINF.Gen 9.58%
  3. Trojan.Wimad.Gen.1 5.52%
  4. Win32.Worm.Downadup.Gen 4.68%
  5. Exploit.PDF-JS.Gen 4.09%
  6. Trojan.Exploit.JS.Y 3.44%
  7. Win32.Sality.OG 2.75%
  8. Trojan.Autorun.AET 2.27%
  9. Worm.Autorun.VHG 1.78%
  10. Trojan.Skintrim.HTML.A 1.49%
  11. Others 53.41%

Guest Article by Neil Camp


Who’s the Dirtiest?

Friday, September 11th, 2009

One of the biggest computer security companies has published a list of the most dubious websites for 2009.

Symantec, the company behind the Norton range of anti-virus products, has identified the ‘Dirtiest Web Sites of Summer 2009.’ These are 100 sites with the most threats detected by the site ratings service Norton Safe Web as of August 2009. They represent the ‘worst-of-the-worst’ say Symantec, based on the number of threats detected by Norton Safe Web.

Symantec say that it’s no surprise that some 50% of the worst websites are those that feature pornographic content. But what did surprise them was that many of those in the top 100 did feature innocent subject matter, including deer hunting, catering, figure skating, legal services and buying electronics.

And the most common threat found on the top 100 dirtiest sites was malware, followed by security risks and browser exploits. What’s worse is that simply visiting one of the worst sites could risk exposing a computer to infection and identity theft, even without clicking on an item, or downloading a file.

“This list underscores what our research shows – there has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity or assets. In 2008, most new infections occurred while people were surfing the Web,” said Rowan Trollope, senior vice president, Consumer Business Unit, Symantec. “Norton Safe Web provides visual ratings that let consumers know about potential risks before visiting a site. Armed with this information, consumers are empowered to make informed decisions about which sites to visit.”

Symantec calculated that the average number of threats on the Dirtiest Web Sites list is an incredible 18,000 per site. Indeed, 40 of the 100 Dirtiest Web Sites have more than 20,000 threats per site.

And below is a sample of the Dirtiest Web Sites:


Avoid the above like the plague.

Guest Article by Neil Camp


Most Dangerous Cyberspace Celebrity

Friday, September 11th, 2009

Who’s the most dangerous celebrity in cyberspace? Whose name is most attached to those websites and downloads that might just contain a virus? According to computer security company McAfee, top of the charts for 2009 is Jessica Biel.

Ms Biel is not only the top celebrity internet search request because of her much admired figure, but also because of her high profile relationship with mega-star Justin Timberlake. But, for example, McAfee reckon that almost half of the sites promising Jessica Biel screen-savers were identified as containing malicious downloads with spyware, adware and potential viruses.

Interestingly, McAfee discovered that web searches for political celebrities like Barack and Michelle Obama were less likely to lead to sites that contain viruses. They ranked 34th and 39th respectively.

It’s a well known ploy for cyber criminals to use celebrity ‘come-ons’ to get people looking up certain sites. This is the third time that McAfee has compiled its annual list using its SiteAdvisor technology for celebrity names that produce the largest number of risky sites and overall risk percentage, when searched on the Web.

“Cybercriminals are star watchers too. They latch onto popular celebrities to encourage the download of malicious software in disguise…” said Jeff Green, senior vice president of McAfee Avert Labs. “Consumers’ obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer.”

Number two in the hit parade is pop music diva Beyonce who has been in the second slot for two years now. Inputting Beyonce ringtones into a search engine yielded a dangerous web-site linking to a distributor of adware and spyware.

The others were, in order after Biel and Beyonce:

3. Jennifer Aniston. It was discovered that over 40% of Google search results for screensavers featuring this favourite Friends star contained some evil viruses, including one called the Fun Love virus;
4. Tom Brady. Many fans of American Football try downloading free files of this New England Patriots star in action, but they should watch out, because many are infested with a Trojan.
5. Jessica Simpson. Be warned, a video download of this star can lead to serious computer health problems;
6. Gisele Bundchen. Perhaps it’s not surprising that the world’s top supermodel is a target for the cybercriminals. And many searches of this celebrity’s name end up with links to some dubious websites;
7. Miley Cyrus. Links to many harmful sites containing spyware.
8. Megan Fox/Angelina Jolie. Equally risky, as searches for these names often lead to risky websites;
9. Ashley Tisdale. Look for screensavers for this popular High School Musical star and you might get more than you bargained for, including malware downloads;
10. Brad Pitt. Although this famous film star has fallen from last year’s top spot, a search for his name still resulted in a large number of red and yellow ranked websites;
11. Reese Witherspoon. Search for this name and you can enter a number of risky websites, plus many of the downloadable pictures contain malware.
12. Britney Spears. Such a popular search is bound to attract its fair share of nasties and if you search for this pop diva, then watch out. McAfee found one site promoting Britney Spears wallpaper had more than 50 potentially infected downloads;
13. Rihanna. Fans of Rihanna ringtones had better take care – they are some of the most sought after – but McAfee warns users that there are some dubious sellers out there who seem intent only on collecting personal information and selling it on;
14. Lindsay Lohan. Many of the Lindsay Lohan screen saver sites are infected with Trojans, viruses and spyware.
15. Kim Kardashian. She may be one of the biggest reality stars for many months, but many Kim Kardashian wallpaper and screen savers are home to a fair amount of lurking malware.

So, be warned, when downloading your favourite celebrity digital wallpaper, screen savers, images, or ringtones, ensure that you are using bona fide websites, otherwise you might get a bit of a shock.

Guest Article by Neil Camp


McAfee Says Spam, Botnets at an All Time High

Tuesday, August 18th, 2009

The second quarter threat report from McAfee has some bad news for all computer users out there. The main finding is that spam volumes have increased by 141% since March 2009, continuing the longest streak of increasing spam volumes ever. But that’s not all, as there has been a dramatic expansion of botnets and auto-run malware.

The report highlighted the fact that 14 million computers have been enslaved by cybercriminal botnets, a 16% increase over last quarter.

Auto-run is becoming an increasing problem and over a test period of 30 days, it was discovered to have infected over 27 million files. Auto-Run malware, which exploits Windows Auto-Run capabilities, does not require any user clicks to activate. It is most often spread through portable USB and storage devices. Depressingly, the rate of detection surpasses the infamous Conficker worm by 400%, making it the number one piece of malware detected around the world.

Mike Gallagher, Senior Vice President and Chief Technology Officer of McAfee Avert Labs, said:
“The jump in bot and spam activity we saw in the last three months is alarming, and the threat from Auto-Run malware continues to grow. The expansion of these infections is a grave reminder of the potential harm that can be caused by unprotected computers in homes and businesses.”

McAfee also provides some background showing a generally worsening computer security situation.

It is noted that fourteen million additional computers have been turned into botnets this quarter. This equates to more than 150,000 computers infected every day, or 20% of the personal computers bought daily.

It also said that South Korea accounted for the largest boost in bot activity. The country saw a 45% increase in new infected computers over the last quarter. And such botnets were used to execute the recent DDoS cyber attacks against the White House, the New York Stock Exchange and South Korean government Web sites.

But although South Korea has its problems, it only accounts for less than four percent of the world’s new bots. And it’s the U.S. which tops the list with 15% of the new zombie computers.

And it’s this bot expansion that is behind the increasing volume of spam, which is now 92% of all email. Spam volumes have now exceeded the highest volume on record by 20%, increasing at a steady rate of roughly 33% each month. This equates to spam volumes growing by over 117 billion emails every day.

What’s most disturbing is that as the number of bots continues to grow, malware writers have begun to offer malicious software as a service to those who control botnets. By exchanging, or selling resources, cybercriminals distribute new malware to wider audiences instantaneously.

Programs like Zeus – an easy-to-use Trojan creation tool – continue to make the creation and management of malware even easier.

And cyber criminals are increasingly turning their attention to the popular social networking sites, including Twitter, Facebook and MySpace.

Guest Article by Neil Camp


McAfee Identifies Most Dangerous and Safest Web searches

Monday, August 17th, 2009

The computer security giant McAfee has identified which Internet searches are most dangerous to computer safety and which are the safest.

McAfee’s report, entitled ‘The Web’s Most Dangerous Search Terms’ claimed that dangerous Internet searches include searching for things such as free music or screensavers. These search terms are used by cybercriminals to ensnare web users and lead them to their own websites.

Once a web surfer has visited this website, they are vulnerable to downloads that infect their computer, such as spyware which can help reveal private bank details to hackers and other cybercriminals.

McAfee’s report also identifies that these dangerous search terms are changing with regard to the new global economic environment. With higher numbers of people being made redundant due to the economic slump affecting so many, cybercriminals are now using search results to target people looking to save money or find a job working at home.

Jeff Green, senior vice president of McAfee Product Development & Avert Labs said: “Cybercriminals are smart. Like sharks smelling blood in the water, hackers will create related Web sites laden with adware and malware whenever a particular topic increases in popularity. Unsuspecting consumers are then tricked into downloading malicious software that leads them to blindly hand over their personal assets to cybercriminals.”

The riskiest set of search words, according to McAfee’s report, includes variations of the keyword ‘screensavers’. The research concluded that nearly six out of the top 10 search results for the keyword ‘screensavers’ contained some form of malware.

The riskiest search of the 2,600 most popular keywords that McAfee researched was ‘lyrics’, with the risk factor rising to one in two.

The research concluded, however, that the word Viagra was one of the least risky of keywords. The keywords with the safest risk profile included search words related to health and the current economic climate.

McAfee’s report also indicated global variations on these risks. Many countries had keyword categories that ended up exposing web surfers to the higher risk sites. 12 countries were exposed to an overall higher risk than McAfee’s average, including Mexico and India. McAfee’s report therefore pointed to cybercriminals targeting those outside of the U.S.

McAfee gave caution to home workers and to those looking to save money: if a result contains the word ‘free’ it has a 21.3% chance of infecting a computer with spyware, spam, adware and other malicious cyber threats. The search ‘work from home’ is four times riskier than the average risk given for all popular terms.

McAfee SiteAdvisor technology has been designed to protect against these vulnerabilities. It conducts automated tests to rate every trafficked site on the Internet. Web sites are ranked using coloured ratings, so that users are knowledgeable as to what they are clicking on. McAfee have also recently announced the Cybercrime Response Unit to help arm users against the threat.

Guest Article by Neil Camp


South Koreans Point Finger at Northern Neighbours

Friday, August 14th, 2009

South Korea is coming under repeated attack from hackers and malicious viruses and is, unsurprisingly, pointing the finger at its northern neighbour.

Yet research into the attacks, which affected computers in the U.S. as well as South Korea and centre on web site outages (a server is deliberately swamped as people are directed by a virus into one site at the same time), shows that the five IP addresses used to deliver the virus did not originate from North Korea. Rather, they were based, ironically, in South Korea itself and the U.S., as well as Austria, Georgia and Germany.

South Korea and US officials quickly blocked the five sites, although it is believed that they were being controlled remotely from outside of the five countries. In effect, the creator of the virus was using zombie computers (those unknowingly controlled by a third party), to launch the attack. And the trail from the zombie computers could lead back to North Korea, say US experts.

But the five rogue IP addresses are the tip of the iceberg. South Korea has blocked a further 86 rogue addresses based in 16 countries. This is indeed worrying, but the actual damage caused has been minimal.

The attacks have been linked to other concerted attempts to crash and disrupt other major websites, including the Nasdaq Stock Exchange, the Pentagon, South Korea’s presidential Blue House and the White House.

South Korea’s intelligence agencies believe that their neighbours are to blame, but admit that this is based on technical reasons, as well as circumstantial evidence.

And North Korea is an unpopular state for many reasons, not least for its stance on nuclear missile tests and launches.

Unsurprisingly, the North Koreans have stayed tight lipped over the accusations, but a number of attacks on sites in the South, both governmental and private, continue apace.

But the South Koreans remained convinced that the North was behind the attacks. They highlight the fact that the North are bitterly opposed to a planned cyber warfare exercise between the South and the US. And the South believe that the North has created a special cyber warfare unit which has the main purpose of hacking into South Korean and US military networks.

Nearby Japan takes the threat seriously and is closely monitoring the situation, although no attacks have yet been reported.

Guest Article by Neil Camp


Porn Sites Launch Viruses

Tuesday, August 11th, 2009

Proof that porn sites are often used to infect unwary surfers has been reinforced again with news of a new virus attack aimed at Mac users, as well as Windows operating systems.

Visitors to a certain porn site are invited to install an ActiveX object to be able to watch a video. What they actually download though is a Trojan computer virus. It’s called OSX/Jahlavc and once installed, can be a difficult pest to get rid of.

Another porn site has been identified as downloading malware which targets both PCs and Macs. It’s believed to be a new version of the Mac OS X Tored worm and those infected get redirected to a page called pagemac.php, which then downloads a QuickTime.dmg file.

Computer security experts are again warning that porn sites often harbour a whole range of virus nasties and that hackers are getting increasingly clever in getting unsuspecting users to download all manner of malicious code. And they are starting to use techniques used on social networking sites to good effect.

Guest Article by Neil Camp

