September 17

Top 10 malware threats for 2010, and how to deal with them

Despite spam and malware filters, email-borne Trojans and exploits continue to thrive, propagated by file attachments and embedded URLs; most email security vendors report the same trend. At the same time, companies seem to have succeeded in stabilising the ratio of spam to legitimate mail (ham), thanks to the improving quality of spam, virus and phishing filters. For instance, Visendo Mail Checker Server uses a multiple-probability calculation algorithm for its Bayesian filter.
The ranking below follows the classification Sophos used in its reports for 2010. One should also note a certain cyclicity in malware: the new “Here you have” spam and its worm, for example, revive a type of worm that was famous in the mid-2000s.

Here is the list of the most dangerous threats that arrive from the internet straight into your inbox:
10. TibsPk - a polymorphic Trojan that evades signature detection by using a custom packer and hiding inside randomly-named executables (e.g., rhc70^8Bredo9^7.exe). Upon execution, TibsPk copies itself into the Windows system folder, creates an auto-run registry key, and disables the Windows Task Manager.

9. Koobface - an anagram of Facebook, Koobface preys upon Bebo, Facebook, Friendster, Hi5, LiveJournal, MySpace and Twitter users. Infections start when the victim clicks a URL in an email invitation from a social network “friend”. The user is taken to a third-party site where a “funny video” is posted; on attempting to view the video, the user is prompted to install malicious code disguised as an Adobe Flash Player update.

8. Trojan Agent - a malware family that uses HTTP to reach a remote server, taking advantage of firewalls that permit any outbound web traffic. Trojan Agents use packers to evade signature detection, install themselves under randomly-generated filenames, and add auto-run keys to the Windows registry.

7. Trojan ZipCard - this malware arrives in a message claiming to be a “new greeting” from a family member or from “someone who cares about you”. The attached zip file (e.g., Greeting_Card.zip) is not a greeting card but a malicious Win32 program.

6. FakeVirPk - fake anti-virus software propagated through search engine optimisation and domain-name typo-squatting. FakeVirPk implants itself in the user's Application Data folder, creating a randomly-named folder and an auto-run executable.

5. Trojan Invo - usually received with a failed UPS package delivery notice. The notice carries a zipped “invoice” that actually contains a new variant of Koobface. Another Invo variant warns that your Facebook password has been changed and invites you to open a zipped password file that actually contains FakeAV. Simple as that.

4. EncPk - like Invo, EncPk often starts with a phony DHL package delivery notice or a Facebook password change notice. However, the body of an EncPk message contains only a warning that the recipient's anti-virus is outdated, along with a zipped attachment such as dhl_viewer.zip or print_label_IDnnn.zip. When opened, these files contact a remote server and infect the PC with downloaded malware such as Bredo, FakeAV or Zbot.

3. JS Redirector - a JavaScript Trojan that uses generated URLs to redirect users to malicious websites that distribute malware or porn, or phish for confidential data. On the web, JS Redirector spreads through drive-by downloads; it should therefore come as no surprise that by mail it spreads through HTML-formatted messages.

2. FakeAV - FakeAV nudged out JS Redirector as the second most prevalent mail-borne malware of the first half of 2010. Numerous FakeAV variants have surfaced during the past year, using scareware tactics to exploit end users' fears. For example, FakeAV-EI spam carries a Trojan posing as a 30-day free trial of McAfee VirusScan. By the way, do not expect to receive a similar email about Visendo Mail Checker Server; that will definitely not happen.

1. BredoZp - Bredo spam is generated by bots in order to recruit additional bots. For example, BredoZp-L poses as a money order notice from Western Union; the notice carries a zipped executable containing Bredo-A, which is implanted in the PC's temp folder as a randomly-named auto-run file. BredoZp-S poses as a UPS or DHL delivery problem notice, carrying a zipped executable that contains several malware programs, such as Bredo-A, Bredo-E, EncPk, FakeAV or FakeVirP. Invoice and delivery-problem lures are clearly in fashion in the attackers' world.
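Every lure in items 7, 5, 4 and 1 arrives as a zip archive that contains a Win32 executable, and item 3 relies on HTML-formatted mail. The following is an added example (my own illustration, not part of the original article and not the code of any product mentioned on this page) of the minimal check a mail gateway can run before a Bayesian score is even considered: it walks the MIME parts of a message, opens zip attachments in memory, and flags members that are executables by magic bytes, by extension or by a double extension, and it also flags active script in an HTML body. The sample message, the extension list and the regular expressions are constructed for the example and are assumptions, not data from the article.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# File extensions Windows runs directly on double-click (assumed list; extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf"}
# Double-extension lure such as "invoice.pdf.exe" or "Greeting_Card.jpg.scr" (assumed pattern).
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|jpg|jpeg|gif|png|txt)\.[a-z0-9]{2,4}$", re.I)
# Active content that has no business in an HTML mail body.
ACTIVE_HTML = re.compile(r"<script\b|javascript:", re.I)
PE_MAGIC = b"MZ"           # DOS/PE header signature of a Win32 executable
ZIP_MAGIC = b"PK\x03\x04"  # local file header of a zip archive


def classify_member(name: str, head: bytes) -> Optional[str]:
    """Return a finding for an archive member that looks executable, else None."""
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    if head.startswith(PE_MAGIC):
        return f"PE executable inside archive: {name}"
    if ext in EXECUTABLE_EXTS:
        return f"executable extension inside archive: {name}"
    if DOUBLE_EXT.search(name):
        return f"double extension inside archive: {name}"
    return None


def scan_zip(att_name: str, data: bytes) -> List[str]:
    """Open a zip attachment in memory and check every member's name and magic bytes."""
    findings: List[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as fh:
                    head = fh.read(2)  # only the signature bytes are needed
                finding = classify_member(info.filename, head)
                if finding:
                    findings.append(f"{att_name}: {finding}")
    except zipfile.BadZipFile:
        findings.append(f"{att_name}: declared zip is not a valid archive")
    return findings


def scan_message(raw: bytes) -> List[str]:
    """Walk all MIME parts of a raw RFC 822 message and collect findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    for part in msg.walk():
        if part.get_content_type() == "text/html" and ACTIVE_HTML.search(part.get_content()):
            findings.append("active script in HTML body")
        name = part.get_filename()
        if not name:
            continue
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or payload.startswith(ZIP_MAGIC):
            findings.extend(scan_zip(name, payload))
        elif classify_member(name, payload[:2]):
            findings.append(f"{name}: executable attachment")
    return findings


def build_sample() -> bytes:
    """Constructed 'greeting card' lure: HTML body with a script plus a zipped fake PE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # A stub carrying only the 'MZ' signature stands in for a real Win32 payload.
        zf.writestr("Greeting_Card.pdf.exe", PE_MAGIC + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = "greetings@example.com"  # constructed addresses
    msg["To"] = "victim@example.com"
    msg["Subject"] = "You have received a new greeting"
    msg.set_content("Someone who cares about you sent a greeting card.")
    msg.add_alternative("<p>Open your card</p><script>location='http://example.invalid/r'</script>",
                        subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Greeting_Card.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in scan_message(build_sample()):
        print(line)
```

The check deliberately looks at the first bytes of each archive member rather than trusting the name: a file called `card.jpg` that starts with `MZ` is still an executable, and a file called `invoice.pdf.exe` is flagged even when its content is empty. A real gateway would also cap the decompressed size of each member before reading it, which this example omits.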

There is indeed a lot going on in email security. Attackers keep thinking of new ways to reach your inbox; it seems that even well-trained anti-spam filters need to train some more, and IT admins need to stay up to date with everything that involves malware. One solution would be “in the cloud” security: cloud filters deal with many different types of malware every day and get trained better than filters that only see 10-20 mails a day. However, if you are a medium-sized business and need full reliability, security and flexibility, you should use an advanced email gateway.
Such a gateway would have a Bayesian filter that can train itself efficiently even with 20 received emails per day. Visendo Mail Checker uses an advanced Bayesian filter that can calculate reliable spam probabilities even for a low volume of received emails.
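To make concrete what a Bayesian filter has to do to stay reliable on a handful of messages a day (the point raised in the introduction and again here), below is an added example in Python. It is my own illustration, not Visendo's filter and not code from the article: a Paul Graham style token filter with Gary Robinson's prior smoothing and Fisher's method for combining the per-token probabilities, trained on a constructed corpus of four lures of the kind listed above and four ordinary office messages. The corpus, the smoothing constants `s` and `x`, the 0.1 strength cut-off and the token regex are all assumptions of the example.

```python
import math
import re
from collections import Counter
from typing import List, Set

TOKEN = re.compile(r"[a-z0-9$]+")
MAX_DISCRIMINATORS = 150  # how many of the most extreme token probabilities to combine
MIN_STRENGTH = 0.1        # ignore tokens whose probability lies within this of 0.5


def tokenize(text: str) -> Set[str]:
    return set(TOKEN.findall(text.lower()))


def chi2q(x: float, df: int) -> float:
    """Survival function of a chi-square with even df = 2k: exp(-m) * sum_{i<k} m^i / i!, m = x/2."""
    m = x / 2.0
    term = math.exp(-m)
    total = term
    for i in range(1, df // 2):
        term *= m / i
        total += term
    return min(total, 1.0)


class BayesFilter:
    def __init__(self, s: float = 1.0, x: float = 0.5) -> None:
        self.spam_tokens: Counter = Counter()  # number of spam messages containing each token
        self.ham_tokens: Counter = Counter()   # number of ham messages containing each token
        self.nspam = 0
        self.nham = 0
        self.s = s  # strength of the prior, in "virtual observations"
        self.x = x  # prior probability assumed for a never-seen token

    def train(self, text: str, is_spam: bool) -> None:
        tokens = tokenize(text)
        if is_spam:
            self.spam_tokens.update(tokens)
            self.nspam += 1
        else:
            self.ham_tokens.update(tokens)
            self.nham += 1

    def token_prob(self, token: str) -> float:
        """P(spam | token): Graham's ratio, pulled towards the prior when the token is rare."""
        b = self.spam_tokens[token] / max(self.nspam, 1)  # fraction of spam containing it
        g = self.ham_tokens[token] / max(self.nham, 1)    # fraction of ham containing it
        p = b / (b + g) if (b + g) > 0 else self.x
        n = self.spam_tokens[token] + self.ham_tokens[token]
        return (self.s * self.x + n * p) / (self.s + n)

    def score(self, text: str) -> float:
        """Combine per-token probabilities with Fisher's method; 1.0 means certainly spam."""
        probs: List[float] = [self.token_prob(t) for t in tokenize(text)]
        probs = [p for p in probs if abs(p - 0.5) >= MIN_STRENGTH]
        probs.sort(key=lambda p: abs(p - 0.5), reverse=True)
        probs = probs[:MAX_DISCRIMINATORS]
        n = len(probs)
        if n == 0:
            return 0.5
        spamminess = 1.0 - chi2q(-2.0 * sum(math.log(1.0 - p) for p in probs), 2 * n)
        hamminess = 1.0 - chi2q(-2.0 * sum(math.log(p) for p in probs), 2 * n)
        return (spamminess - hamminess + 1.0) / 2.0


# Constructed training set: delivery/password lures versus ordinary office mail.
SPAM_CORPUS = [
    "UPS delivery problem: your package could not be delivered, print the attached invoice",
    "DHL notification: shipment failed, open the attached label to reschedule delivery",
    "Your Facebook password has been changed, see the attached file for your new password",
    "Western Union money order notice: download the attached order confirmation",
]
HAM_CORPUS = [
    "Minutes from Tuesday's project meeting are attached, please review before Friday",
    "Can you send me the updated budget spreadsheet for the quarterly review?",
    "Lunch on Thursday? The new place near the office got good reviews",
    "Reminder: the sprint retrospective has moved to 3pm in the small conference room",
]


def build_filter() -> BayesFilter:
    f = BayesFilter()
    for text in SPAM_CORPUS:
        f.train(text, True)
    for text in HAM_CORPUS:
        f.train(text, False)
    return f


if __name__ == "__main__":
    f = build_filter()
    for text in ["Delivery problem with your UPS package, print the attached invoice now",
                 "Attached are the meeting minutes from Tuesday, please review before the budget call"]:
        print(f"{f.score(text):.3f}  {text}")
```

Two design points matter at low volume. First, the smoothing in `token_prob` keeps a token that has been seen in a single spam message at 0.75 rather than 1.0, so one unlucky word cannot dominate a score after a day of training; with `s` and `x` removed, "attached" would be a spam word forever the first time a lure arrived. Second, Fisher's method is symmetric: the same word "attached" appears in every lure above and in one legitimate message, yet the office message still scores low because its remaining tokens are all clearly ham.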
