Category Archives: Virus

Malware: how do we get infected?

It was not the first time I had had this argument: some of my peers and even colleagues still think that the major infection method for client computers is some kind of vulnerability that does not involve stupidity. I believe (and I have some brothers in arms in my belief) that the abovementioned “stupidity”, or let’s say lack of education and carelessness, is the major threat. What am I talking about? Well… Some of the sources tell us that most successful malware installs itself using USB sticks, shared drives or some other technology that involves the user.

For example, in MS Security Intelligence report #9 (1H2010) we see the following table:

1. Win32/Taterf
2. Win32/Frethog
3. Win32/Renos
4. Win32/Rimecud
5. Win32/Conficker
6. Win32/Autorun
7. Win32/Hotbar
8. Win32/FakeSpypro
9. Win32/Alureon
10. Win32/Zwangi

These are the top 10 malware families detected on client computers, the 1st being the most often detected and the 10th, correspondingly, the least often (of these 10, of course). Now I will repeat the table, adding the infection mechanism for each:

1. Win32/Taterf: “Win32/Taterf is a family of worms that spread via mapped drives in order to steal login and account details for popular online games.”
2. Win32/Frethog: spreads via mapped drives.
3. Win32/Renos: downloads of “video codecs” and other “goodies” from malicious sites.
4. Win32/Rimecud: “Win32/Rimecud is a family of worms with multiple components that spreads via removable drives, and instant messaging.”
5. Win32/Conficker: no argument here, it spreads through a vulnerability. And still: “it may also spread via removable drives and by exploiting weak passwords.”
6. Win32/Autorun: no argument here either: it “spreads through fixed and removable drives by dropping copies of itself.”
7. Win32/Hotbar: an install-it-yourself kit. Seriously.
8. Win32/FakeSpypro: “Rogue:Win32/FakeSpypro may be installed from the program’s web site or by social engineering from third party web sites.”
9. Win32/Alureon: manual download (keygens, drive-by downloads, etc.).
10. Win32/Zwangi: manual download.
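The Autorun and Rimecud entries above describe the removable-drive vector; what actually fires when such a drive is inserted or double-clicked is its autorun.inf. Below is an added example (my code, not from the report or from this post) that triages such a file the way a USB or share scanner would: it parses the [autorun] section despite the junk padding worms add, lists everything the file would launch, and separates a plain installer from a file that combines a launch with lure tricks (copying Explorer’s own “Open folder to view files” caption, hijacking the double-click verb, hiding the payload in RECYCLER). The sample autorun.inf contents are constructed; the “first occurrence of a key wins” parsing rule and the benign/suspicious/malicious thresholds are my assumptions, not documented Windows behaviour.

```python
"""Triage an autorun.inf the way a scanner for USB sticks or shares would.

Added example, not from the original post. Uses a hand-rolled parser because
autorun worms routinely pad autorun.inf with junk lines and odd casing that a
strict INI parser rejects; the "first occurrence of a key wins" rule is an
assumption of this example, not verified Windows behaviour.
"""
import re
from dataclasses import dataclass, field

# [autorun] keys that make Windows launch a program on insertion / AutoPlay.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... runs a program when that context-menu verb is chosen;
# shell=<verb> makes that verb the double-click default.
VERB_CMD = re.compile(r"^shell\\([^\\]+)\\command$")
# Folders Explorer hides by default, favoured by worms for the payload copy.
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")
# The caption Explorer shows for a plain removable drive; a worm that copies it
# into action= makes its entry look like the normal "open folder" choice.
EXPLORER_LURE = "open folder to view files"


def parse_autorun_inf(text: str) -> dict[str, str]:
    """Return the [autorun] (or [autorun.<arch>]) section as {key: value}, keys lower-cased."""
    keys: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith(";"):
            continue  # blank, comment or junk padding
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            in_autorun = section == "autorun" or section.startswith("autorun.")
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key and key not in keys:  # first occurrence wins (assumption)
            keys[key] = value.strip()
    return keys


@dataclass
class Verdict:
    verdict: str                                        # "benign" | "suspicious" | "malicious"
    launches: list[str] = field(default_factory=list)   # programs the file would run
    findings: list[str] = field(default_factory=list)   # human-readable reasons


def triage_autorun(text: str) -> Verdict:
    """Anything that runs a program is at least suspicious; a launch combined
    with a lure or hiding trick is classified malicious."""
    keys = parse_autorun_inf(text)
    v = Verdict("benign")
    lure = False
    for k in EXEC_KEYS:
        if k in keys:
            v.launches.append(keys[k])
            v.findings.append(f"{k}= runs '{keys[k]}' on insertion/AutoPlay")
    default_verb = keys.get("shell", "").lower()
    for k, cmd in keys.items():
        m = VERB_CMD.match(k)
        if not m:
            continue
        verb = m.group(1).lower()
        v.launches.append(cmd)
        if verb == default_verb:
            lure = True  # double-clicking the drive runs the payload instead of opening it
            v.findings.append(f"{k}= hijacks double-click to run '{cmd}'")
        else:
            v.findings.append(f"{k}= runs '{cmd}' from the context menu")
    if keys.get("action", "").lower() == EXPLORER_LURE:
        lure = True
        v.findings.append("action= mimics Explorer's own 'Open folder to view files' entry")
    for target in v.launches:
        if any(d in target.lower() for d in HIDDEN_DIRS):
            lure = True
            v.findings.append(f"launch target sits in a normally hidden folder: {target}")
    if v.launches:
        v.verdict = "malicious" if lure else "suspicious"
    return v


# Constructed samples (not real captures): a vendor label file, a CD installer,
# and an autorun.inf modelled on the Win32/Autorun-style USB worms.
BENIGN_INF = "[autorun]\nicon=vendor.ico\nlabel=Backup drive\n"
INSTALLER_INF = "[autorun]\nopen=setup.exe\nicon=setup.exe\n"
WORM_INF = r"""
;dKjf93 padding line the parser must skip
[AutoRun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell=open
shell\open\Command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shell\explore=Explore
shell\explore\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
"""

if __name__ == "__main__":
    for name, inf in (("vendor", BENIGN_INF), ("installer", INSTALLER_INF), ("worm", WORM_INF)):
        result = triage_autorun(inf)
        print(f"{name}: {result.verdict}")
        for finding in result.findings:
            print("   -", finding)
```

The installer sample comes out as “suspicious” rather than “malicious” on purpose: open=setup.exe on a vendor disc is legitimate, and the verdict only escalates when the launch is paired with a trick that exists to fool the person holding the drive, which is exactly the point of the post. Windows has since stopped honouring autorun.inf on removable drives other than optical media, which is why this vector faded, but old disk images and shares are still worth triaging this way.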

You know what? I don’t even want to discuss it. Read one more report. And that’s all: there is no need to “hack” into your computer if a criminal can hack into your head.

Be careful, at least this year and the following ones =)

x64 attacks, part II

When I wrote about the surge of the 64-bit platform onto client computers I didn’t think about one obvious thing: as a platform becomes mass-market and popular, it attracts all sorts of ill-minded persons. In our age that means all the instruments hackers use to do what they do get adapted to the new reality. Unfortunately it is happening whether I think about it or not (maybe someone else had already thought about it? Quit it, then ;)). Guys from MS have reported that we have received a 64-bit version of the Alureon malware. At the time of the report it rendered XP or 2003 non-bootable and ruined some disk functionality on later systems, but I have no doubt the bad guys will correct these mistakes and make this malware even better (for them, of course, and worse for you and me). That tells me again that every statistic about vulnerabilities, virus counts and suchlike must be normalized to the user base, or else it just tells you the wrong thing.

Virus for iPod

Yep, we’ve ended up with something like a virus for the iPod. Well… Actually it is just a proof-of-concept, and one needs some nerve to call it a “virus”: you have to work hard to contaminate your iPod with it:

1. You have to have an iPod (Who doesn’t? Even I have one =) )
2. Wipe its own firmware and flash Linux onto it (Whew… What a strange idea…)
3. Finally, catch the virus.

The piece of code does not do anything harmful, it only prints some text, yet it proves the possibility of viruses even on this platform, as confirmed by Kaspersky.

Who’s next?

Source.