Sunday 5th February 2012

Posts Tagged ‘Trojan’

Top Malware Threats

Monday, October 18th, 2010

One of the antivirus companies operating in the crowded internet security market, GFI Software, has put together the top ten hit parade of malware nasties for September.

Employing many of the best antivirus strategies, GFI produces a monthly report of the most active and virulent malware.

And the company has warned this month that the activity of botnet operators is increasing. Botnets are networks of zombie computers which, unbeknown to their owners and operators, act as vast spam mailers. Spam is the usual way that malicious code is delivered to individual computers.

GFI has found that there is a persistence of Trojan attacks and scareware.

The top ten of these attacks during September showed a pattern of aggressive and persistent attacks via Trojan horse programmes:

  1. Trojan.Win32.Generic!BT 23.54%
  2. Trojan-Spy.Win32.Zbot.gen 4.27%
  3. Trojan.Win32.Generic!SB.0 4.06%
  4. Trojan.Win32.Generic.pak!cobra 3.04%
  5. INF.Autorun (v) 2.3%
  6. Worm.Win32.Downad.Gen (v) 1.44%
  7. Trojan.HTML.FakeAlert.e (v) 1.09%
  8. PlaySushi 1.08%
  9. FraudTool.Win32.FakeAV.gen!droppedData (v) 0.91%
  10. Trojan.Win32.Malware.a 0.83%

The biggest culprit was Trojan.Win32.Generic!BT, a detection that includes more than 120,000 malicious application traces.

In second place is also a generic trojan which has many versions and centres on password-stealing techniques. Number three, Trojan.Win32.Generic!SB.0, is also a password-stealing trojan, designed to install keyloggers which monitor and record keystrokes so that hackers can figure out password and username details.

Manager of the malware processing team at GFI Labs, Francis Montesino said:
“These detections are evidence of the activities of botnet operators. They use their networks to pump out the spam that’s intended to infect machines.”

Research Centre Manager at GFI, Tom Kelchner said:
“Trojan.HTML.FakeAlert.e (v), which is in the number seven spot, is a detection for malicious Web pages that display false warnings to scare victims into downloading malware – commonly referred to as rogue security products or scareware. We’re seeing a steady flow of new rogues too – one or two per week. Judging by our ThreatNet reports, VIPRE installations are stopping a lot of the rogue downloaders.”

GFI will continue to watch out for threats under its best antivirus ambitions.

Guest Article by Neil Camp 


Zeus Trojan Strikes Again

Saturday, October 9th, 2010

The FBI has claimed a success in uncovering a major US cyber crime ring which made a mockery of internet security.

The crime busting organisation has rounded up nearly 100 people who defeated internet security techniques after it noticed bank transactions in Omaha that looked suspicious.

The people arrested are thought to be operating as ‘mules’ for East European fraudsters. The ring, or network of mules, is thought to have been responsible for thefts amounting to over $70 million. The mules hacked into targets’ computers to get personal banking details in what the FBI described as one of the largest cyber criminal cases they had ever investigated.

Arrests were also carried out in the Netherlands, the UK and Ukraine.

Those detained in the US face charges of conspiracy to commit bank fraud and money laundering.

In what is basically a very effective technique, the hackers in Eastern Europe would first bombard the computers of individuals and small businesses with spam and infect their computers. The spam would be carrying the infamous Zeus trojan virus and once infected, the host computer would be wide open to attack.

The mules would then access the Zeus Trojan code on the victim’s computer and gain access to the user’s banking usernames and passwords. The money would then be transferred to the accounts set up by the mules, before being transferred elsewhere. It’s reckoned that the gang had hoped to steal over $200 million.

The FBI said they were alerted by a number of suspicious bank transactions in Omaha which led them to believe a Zeus Trojan style attack was taking place under their noses.

In arresting people in a number of countries, including at least 19 in the UK, the FBI were helped by a number of law enforcement agencies.

The investigation kicked off when the FBI noticed a pattern of suspicious bank transactions in Omaha.

Cyber crime experts are still concerned as to the number of people and companies who do not have sufficient levels of internet security. One, who preferred not to be named, said:
“Despite the warnings every day issued to computer users, I remain incredulous as to how many people still got caught by viruses such as Zeus Trojan. Thankfully, on this occasion the law enforcement authorities were very vigilant and it was stopped before the full extent of the attack could be realised. Let’s hope that the messages regarding internet security will start to penetrate in the near future.”

Guest Article by Neil Camp 


First SMS Trojan Targets Android Phones

Wednesday, August 18th, 2010

Software antivirus company Kaspersky Lab has spotted the first Trojan that is targeted at smartphones running the Google Android operating system.

Kaspersky Lab is one of the largest software antivirus companies operating in the computer security sector and has named the Trojan SMS.AndroidOS.FakePlayer.a. This particular Trojan has played havoc with a number of mobile phone devices, and Kaspersky Lab’s efforts are made in the hope that fewer users will be affected in the future.

The Trojan is disguised as a media player application. To users this seems harmless, so once they are prompted to download it, the file is installed with what is known as the standard Android extension: .APK. However, harmless it is not. Once it is on the phone, the Trojan starts to send SMSs to premium rate numbers. This is all done without the user’s knowledge, and it means money is passed from their account to the account of a cybercriminal.

With smartphones becoming more and more popular, this SMS category of Trojan has become more and more prolific. This specific Trojan is, however, the first to target the Android platform, although spyware has been detected in the past on some devices that run Android.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, says “The IT market research and analysis organisation IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform.

“Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”

As with any computer, users have been encouraged by software antivirus company Kaspersky Lab to check out any download that an application may request.

Guest Article by Neil Camp


Top Ten Malware Threats for July

Friday, August 13th, 2010

The latest list of gremlins from security antivirus company Sunbelt Software has been released and shows that throughout July, it was the march of the Trojans that was causing the trouble.

Security antivirus company Sunbelt Software is now part of GFI Software and still publishes a round-up of the most prevalent forms of malware that are threatening people’s computers month to month. The material is gathered from the company’s anti-malware solution, VIPRE Antivirus, and its antispyware tool, CounterSpy.

The month of July heralded an attack by Trojans, as well as the Downad/Conficker worm. A startling 29.08% of the total Trojans detected was the Trojan.Win32.Generic!BT; this isn’t the first month this one has topped the list. It crowned the list in June and in May with similar percentage totals.

Others that have been repeatedly cropping up on this black list are Trojan.Win32.Meredrop, Trojan.Win32.Generic!SB.0 and Trojan.Win32.Malware. Trojan.Win32.Meredrop causes a whole host of problems for the victims it targets; it covers a number of Trojans that can install and run different kinds of malware on a machine, often with multiple Trojans and worms. Trojan.Win32.Generic!SB.0 is known for password-stealing, installing keyloggers so that they can identify users’ most personal of passwords.

Francis Montesino, manager of Sunbelt’s malware processing team, said: “Trojan.Win32.Generic!BT is a generic risk that covers a lot of malicious applications. About 120,000 traces are identified under that detected by VIPRE’s signature-based, heuristic or behavioral mechanisms.

“Very often it identifies the downloaders that are used with rogue security programs. These are also called ‘scareware’. Once they get downloaded, the rogues pretend to scan your computer for malware then display false warnings that the machine is infected. They try to convince victims to purchase useless security software.”

The top 10 results are calculated by detecting the number of times a piece of malware infection has been found during scans by VIPRE and CounterSpy technology; these report back to ThreatNet, security antivirus company Sunbelt Software’s community of users. Here, they are given a classification, which can range from moderate all the way up to the very severe. A good look at the list helps internet users to understand the risks they run when surfing the web.

Guest Article by Neil Camp


Trojan Horse Attack on Google Chrome Extension

Thursday, May 13th, 2010

It’s been reported that a Trojan Horse attack has been mounted on Google’s Chrome browser.

The warning that the Trojan Horse attack is being perpetrated by cyber criminals intent on exploiting Google’s increasingly popular Chrome browser was posted in a BitDefender blog.

The blog, called Malware City, regularly updates people on virus trends, and BitDefender, like most of the computer security companies, sees it as its role to alert computer users worldwide to threats and trends.

The Trojan Horse attack is based on the virus posing as a Google Chrome extension. It has been circulated by invidious hackers who now see Chrome as a very viable target. The method of the Trojan Horse attack is via an email which falsely claims that Google has launched a new Chrome extension which helps the user to better organise documents received in emails.

BitDefender discovered that the link in this spurious email led to a fake page posing as a genuine Google Chrome extension page. This page contained a download which contained an executable file containing the malware, the Trojan Horse attack.

Once downloaded, the Trojan Horse actually blocks attempts by the user to access Google and Yahoo websites, sending them instead to other websites which are loaded with other malicious files and content.

BitDefender has identified this Trojan Horse attack. It’s called Trojan.Agent.20577 and it’s one most definitely to be avoided at all costs.

How to Protect Against Trojan Horse Attacks

Don’t get careless; even if you have the best antivirus software and it is always up to date, Trojans can still attack. To prevent getting attacked by a Trojan horse, before you download a file and open it, ensure you are confident you know the source and the content of the file. You can protect yourself from Trojans by only downloading files from websites you are certain are 100% genuine.

Trojan attacks can also come from friends, via email or instant messenger, as many Trojan attacks are designed to spread automatically. If the email looks suspicious, with spammy content, then do not click on the attachment. If in doubt you can always ask the sender if the attachment is genuine. You can also use antivirus software to scan the file.
 

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability