Thursday 11th March 2010

Posts Tagged ‘Trojan Horse’

BitDefender’s Malware Hit Parade

Thursday, March 4th, 2010

Taking top spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, publishes a monthly e-threat report in which it lists the latest malware baddies.

And top throughout February was Trojan.AutorunInf.Gen, a generic detection for the mechanism which uses removable devices – including external hard-disks, memory cards and flash drives – to spread malware from one computer to the next.

Removable devices are the theme of BitDefender’s February e-report, and they warn against the ease with which these handy aids can be compromised. Indeed, say BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Third and fourth in the list are two exploits which gain access to a computer via manipulated PDF files and various vulnerabilities found in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is then executed on the ‘dirty’ machine.

The complete list (share of global infections, %) is made up of:

  1. Trojan.AutorunINF.Gen 9.09%
  2. Win32.Worm.Downadup.Gen 6.24%
  3. Exploit.PDF-JS.Gen 5.13%
  4. Exploit.PDF-Payload.Gen 4.21%
  5. Trojan.Wimad.Gen.1 3.37%
  6. Win32.Sality.OG 2.77%
  7. Trojan.Autorun.AET 1.92%
  8. Worm.Autorun.VHG 1.85%
  9. Exploit.Comele.A 1.48%
  10. Trojan.SWF.HeapSpray.B 1.40%

BitDefender was particularly keen to highlight the insidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in downloads of popular television series and movies.

Guest Article by Neil Camp

Trojans March On

Friday, October 9th, 2009

Trojans dominated the top ten e-threats for September, according to a top security software company.

BitDefender, creator of one of the industry’s fastest and most effective lines of internationally certified security software, produces a table of the malware that represents the biggest threat on a month-to-month basis.

And in the number one spot for September is Trojan.Clicker.CM. The reason for this, ponder BitDefender, may be due to Trojan.Clicker’s popularity as a weapon of choice amongst purveyors of ‘warez’. This is a term used by malware developers to describe compromised software.

In second place is Trojan.AutorunINF.Gen and this is a generic detection for Trojans that use Autorun. Number three spot in this line-up of nasties goes to the Trojan.Wimad.Gen.1.

The infamous Conficker is never far away from any malware list and in this particular chart it occupies the fourth slot. BitDefender labels Conficker, in all its various guises, as Win32.Worm.Downadup.Gen.

At number five, and gaining popularity again, is an exploit which uses a vulnerability in the way some versions of the Adobe PDF reader parse embedded JavaScript. Exploit.PDF-JS.Gen is one to be careful of.

Trojan.Exploit.JS.Y slots into the number six position. It’s a malicious piece of JavaScript, usually found on compromised or malicious websites.

In the number seven spot, down from number five, and a long-time star of BitDefender’s Top 10 E-Threat list is Win32.Sality.OG. It’s an encrypted, polymorphic file infector and appears set for a very long cybercrime ‘career’.

In the eighth and ninth slots are two threats which use the Autorun security loophole found in older versions of Windows. BitDefender point out that the less widespread of the two is actually a downloader component used to spread the ever-present Conficker, or Kido, worm (aka Downadup).
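The Autorun threats in these lists (Trojan.AutorunINF.Gen, Trojan.Autorun.AET and Worm.Autorun.VHG) all depend on an autorun.inf file at the root of a removable device telling older versions of Windows what to run. The following is an added example, not BitDefender’s code or detection logic: it parses the INI-style [autorun] section and reports the documented keys that cause a program to run (open, shellexecute, shell and shell\<verb>\command), which is what a defender would check on a stick before trusting it. The sample files, the RECYCLER folder and the update.exe name are constructed for the example.

```python
"""Check a removable device's autorun.inf for entries that launch a program.

Added example, not BitDefender's code. Real autorun.inf files use an INI
layout with an [autorun] (or [autorun.<arch>]) section; the keys checked
here are the documented ones that cause code to run. The samples and the
RECYCLER\\update.exe path below are constructed.
"""
import os
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Keys whose value is a command run when the device is inserted or double-clicked.
LAUNCH_KEYS = {"open", "shellexecute"}


@dataclass(frozen=True)
class Finding:
    key: str      # lower-cased autorun.inf key
    value: str    # the command or verb it names
    reason: str   # why a defender should look at it


def autorun_entries(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (key, value) pairs from [autorun] and [autorun.<arch>] sections.

    A small hand-rolled parser is used rather than configparser so that junk
    lines before the section header (which some autorun.inf files carry) do
    not abort the scan.
    """
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            in_autorun = name == "autorun" or name.startswith("autorun.")
            continue
        if not in_autorun or "=" not in line:
            continue                                  # outside [autorun], or unreadable
        key, _, value = line.partition("=")
        yield key.strip().lower(), value.strip()


def assess_autorun(text: str) -> List[Finding]:
    """Return every entry that would cause a program to run."""
    findings = []
    for key, value in autorun_entries(text):
        if key in LAUNCH_KEYS:
            findings.append(Finding(key, value, "runs a program on insertion or double-click"))
        elif key == "shell":
            findings.append(Finding(key, value, "changes the default verb used on double-click"))
        elif key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(Finding(key, value, "context-menu verb that runs a program"))
    return findings


def read_autorun_file(path: str) -> str:
    """Decode an autorun.inf; Windows writes these as ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("cp1252", errors="replace")


def scan_drive_root(root: str) -> Optional[List[Finding]]:
    """Assess the autorun.inf at a drive root; None when the device has none."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return None
    return assess_autorun(read_autorun_file(path))


# Constructed samples: a harmless photo stick, and the pattern an Autorun worm
# leaves behind. The folder and executable name are made up for the example.
BENIGN_AUTORUN = """[autorun]
label=Holiday Photos
icon=photos.ico
"""

SUSPICIOUS_AUTORUN = """junk line placed before the section header
[AutoRun]
Open=RECYCLER\\update.exe
ShellExecute=RECYCLER\\update.exe
Shell=Explore
Shell\\Explore\\Command=RECYCLER\\update.exe
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_AUTORUN), ("suspicious", SUSPICIOUS_AUTORUN)):
        hits = assess_autorun(sample)
        print(f"{name}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  {f.key} = {f.value!r}: {f.reason}")
```

Point `scan_drive_root()` at the root of a mounted device (for example `E:\` on Windows) to check a real stick; a benign file only carries label and icon keys and produces no findings, while anything naming a command is worth inspecting before the device is opened.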

Bringing up the rear in tenth is Trojan.Skintrim.HTML.A, a type of HTML page usually found associated with adware programs such as Navipromo.

BitDefender’s September 2009 Top 10 E-Threat list is made up of:

  1. Trojan.Clicker.CM 10.98%
  2. Trojan.AutorunINF.Gen 9.58%
  3. Trojan.Wimad.Gen.1 5.52%
  4. Win32.Worm.Downadup.Gen 4.68%
  5. Exploit.PDF-JS.Gen 4.09%
  6. Trojan.Exploit.JS.Y 3.44%
  7. Win32.Sality.OG 2.75%
  8. Trojan.Autorun.AET 2.27%
  9. Worm.Autorun.VHG 1.78%
  10. Trojan.Skintrim.HTML.A 1.49%
  11. Others 53.41%

Guest Article by Neil Camp

Clampi Virus Targets Online Banking

Thursday, September 24th, 2009

A new virus is in town and this time it’s got a specific target: online banking customers. Known as the Clampi virus, it represents a major threat to those that bank via the internet.

The Clampi virus is what’s known as a Trojan, mainly because of its ability to secretly penetrate a computer, wait patiently until needed, then report back to its creator, or indeed, take instructions from its creator.

And the cyber criminals behind the Clampi virus have one objective in mind: to steal personal details from a computer.

It is spreading rapidly through the US and UK, infecting computers and then waiting until the time is right to strike. When the user of the computer logs into their bank account for example, the Clampi virus makes a note of the username, password and other pertinent details, which are then sent back to the hackers.

These details are then used by the hackers to enter financial sites and either transfer money, change account details, or set up frauds.

It is believed that people behind the Clampi virus monitor in the region of 5,000 financial websites and amongst these are most of the UK high street banks. But it’s not just banks; sites run by mortgage lenders, online casinos, shopping operations and email providers are also targeted.

In the US the Clampi virus has already been responsible for thefts of thousands of dollars, and it’s been reported that many schools and businesses have been affected.

The Clampi virus is not new, having been around since 2005, but computer security experts think that this is a new, more virulent strain and poses a major threat to online banking. And they believe it attacks in waves, the UK banks being a major target.

They are unsure as to the true extent of the damage caused in the UK, especially given the covert nature of Clampi’s operation, but think that over 1,000 computers have already been affected. And those running Microsoft Windows operating systems seem to be more vulnerable than most.

And the computer security experts are warning again that people should remain vigilant at all times, reiterating the fact that such viruses are usually distributed embedded in emails, website downloads and instant messages, as attachments and links. They urge everyone not to open links, or attachments, from sources they cannot trust.

What’s more, they remind computer users that they should never send emails, or surf the web, without an up-to-date anti-virus software application on their machines.

Guest Article by Neil Camp

Porn Sites Launch Viruses

Tuesday, August 11th, 2009

Proof that porn sites are often used to infect unwary surfers has been reinforced again with news of a new virus attack aimed at Mac users as well as Windows users.

Visitors to a certain porn site are invited to install an ActiveX object to be able to watch a video. What they actually download though is a Trojan computer virus. It’s called OSX/Jahlavc and once installed, can be a difficult pest to get rid of.

Another porn site has been identified as downloading malware which targets both PCs and Macs. It’s believed to be a new version of the Mac OS X Tored worm, and those infected get redirected to a page called pagemac.php, which then downloads a QuickTime.dmg file.

Computer security experts are again warning that porn sites often harbour a whole range of virus nasties and that hackers are getting increasingly clever at getting unsuspecting users to download all manner of malicious code. And they are starting to use techniques from social networking sites to good effect.

Guest Article by Neil Camp

Free Antivirus Software From Microsoft

Monday, August 10th, 2009

Seattle-based software giant Microsoft has reportedly developed an antivirus programme that it will give away free, alarming certain computer security experts, who fear it will fall short of a number of key features and expose users to attacks.

Believed to be called Morro, the software will initially only take on viruses, and not offer such additional features as parental controls for surfing.

The irony is of course, that many virus attacks come about because of holes (‘bugs’) in such operating systems as Microsoft’s Windows, hence the need for constant patching (in the form of Service Packs) after the release of the product.

This will be Microsoft’s second foray into the highly competitive world of computer security. Its first, called Windows Live OneCare, made little impression on the overall market for sophisticated security products. It is thought that Live OneCare will be dropped once Morro is ready for release (a Beta version will come first).

Morro has been created to tackle viruses in the shape of spyware, rootkits and trojans.

But, as many computer security experts fear, this is not enough to counter attacks from modern day hackers who employ a whole raft of viruses and techniques in order to attack people’s computers. The danger many feel is that many computer users will be lulled into a false sense of security by using such a package as Morro. And they will eventually discover that they need a more sophisticated programme in order to keep them safe from viruses.

Guest Article by Neil Camp

NHS Hit By 8,000 Viruses

Sunday, August 9th, 2009

Computers in the National Health Service (NHS) have been hit by 8,000 viruses in the last year alone.

More4News instigated a Freedom of Information investigation which discovered the extent of the virus attacks, which have included all sorts of malicious code including worms, Trojans and spyware. This has in some cases caused havoc within departments of the NHS, causing postponed appointments, diverted ambulances and staff being locked out of their computers.

Apart from the widespread inconvenience, this has caused one department to suffer a three-week back-log of appointments.

One virus was called Mytob and was a worm which caused chaos throughout London hospitals in November 2008. Mytob quickly infiltrated networks and computers and simply overloaded systems.

But far from indicating a complete failure of the NHS computer systems, security experts say that it comes down to NHS IT staff not updating their systems properly. In other words, most of the virus attacks could have been prevented with effective IT management.

And for those that are concerned that such a lack of security might mean that their personal records might one day appear on the internet for all to see, the NHS point out that electronic records are protected by the highest levels of security.

After suffering 8,000 virus attacks in one year, that might be hard for many to believe.

Guest Article by Neil Camp

New Trojan In Town

Monday, May 18th, 2009

Security boffins at anti-virus company Sophos have warned computer users to be on their guard against a new trojan.

Officially known as the JSRedir-R programme, its common name is Gumblar.

And the Gumblar has been written with one aim in mind: to maliciously collect sensitive information and commit identity theft.

Sophos report that it is spreading rapidly around the net, at around six times faster than similar viruses.

JSRedir-R, or Gumblar, first infects poorly protected but legitimate websites, and uses them to springboard onto an unsuspecting user of that website. Once loaded onto a computer, Gumblar opens up a back door and allows a hacker to take out personal and sensitive information, which can then be exploited to steal money.

Mr Graham Cluley, at Sophos, said:
“No-one should be in any doubt that the web is still the main vector of attack for cybercriminals, and this new threat suggests this situation isn’t going to change anytime soon. The problem is that too many computer users still think there’s no danger in surfing the web, but with legitimate sites often falling victim to these attacks, it’s time to wake up.

“Hackers won’t stop targeting the web as it’s proving a successful way for them to spread their infections. To combat this, it’s essential to scan every website for malicious code before visiting it.”

In a recent survey, it was discovered that almost 50% of the new malware found across the web was identified as Gumblar. More worrying was the speed of infection, with a new webpage getting infected every five seconds.

Sophos, along with a number of other computer security companies, have advised computer users to ensure that their anti-virus software is as up-to-date as possible.

Guest Article by Neil Camp

Enter the Dragon

Monday, March 30th, 2009

You think you’ve got problems with computer security.

The Sunday Times has just reported that intelligence chiefs have warned that China will soon have the ability to cripple the U.K.’s telecoms and utilities.

Now, some might argue that telecoms are already knackered in this country, but it’s been revealed that a Chinese company was awarded a contract in 2005 to install equipment for BT’s new £10 billion network which will, at long last, update the U.K.’s dilapidated internet grid.

And James Bond and Co are worried that in the future, some sinister Chinese general will flip a switch and the U.K.’s telecoms network will crash. And worse than not being able to order your favourite pizza is that the security services and the military, who will all use the new BT network, will be silenced.

And ironically, although BT has taken steps to properly protect its system against cyber criminals, it might have allowed a doomsday digital Trojan Horse, courtesy of China, into the heart of its software.

Okay, that’s pretty far-fetched you might say, and more suited to a blockbuster spy novel. But are these fears based on fact, or an over-ripe imagination? It appears they’ve surfaced because the Chinese company in question has been largely funded by the Chinese state and its chief was a former member of the People’s Liberation Army.

Fair enough, but then you read that our own homegrown eggheads, Marconi, did not win the business because they were too expensive. And when questioned about the matter, British Government ministers say they can’t now throw out the Chinese work because not only would it be prohibitively expensive to replace, but it might also contravene competition rules.

Only the Brits would take fair play that far. Okay, it’s unlikely that the Chinese would have placed a Trojan Horse in the new system (although recent stories suggest that the Chinese Government is not beyond a bit of cyber-crime), but why on earth didn’t ministers claim it was a matter of defence and insist the contract went Marconi’s way, just to be on the safe side?

After all, across the pond, the Pentagon blocked a merger between the Chinese company in question and a U.S. defence contractor. They didn’t like the Chinese company’s connections to the Chinese state and so put a stop to it. Not for them the niceties of budgets and competition rules.

Why do we still have to stick to Marquess of Queensberry rules?

Guest Article by Neil Camp

The Editor

Alan Potts

My name is Alan Potts and I’m the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability