Wed, 05/06/2009 - 10:49 — Igor Donchenko
Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:
Tue, 05/05/2009 - 09:53 — Igor Donchenko
Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout April 2009.
The first Top Twenty is based on data collected by Kaspersky Lab’s version 2009 antivirus product. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.
Mon, 05/04/2009 - 08:59 — Igor Donchenko
May 2009 virus activity review from Doctor Web
Doctor Web presents the virus activity review for May 2009. In the past month, the share of ransomware among other malicious programs remained the same, but virus makers honed their social engineering techniques and created new tools to make their work easier. May also saw several new rootkits. Spammers were even more eager to advertise their services, using new ways to bypass spam filters.
Ransomware
Thu, 04/30/2009 - 21:15 — Igor Donchenko
Trend Micro discovered a new file sourced by a known Conficker P2P IP node - a new variant of Conficker now known as WORM_DOWNAD.E, indicating that cybercriminals behind the notorious Conficker worm may finally be gearing up for more serious attacks.
Trend Micro threat researchers had been carefully monitoring for signs of Conficker activity and discovered increasing P2P communications from the Conficker peer nodes, believed to be hosted in Korea. The file, found in the Windows Temp folder, was created on April 7, 2009 at 07:41:21 PM, PDT.
Wed, 04/29/2009 - 20:26 — Igor Donchenko
Malware exploits moved at unprecedented speed and volume this past year but 2009 may bring increasing cooperation among security vendors and law enforcement agencies to bring down criminal enterprises, according to the annual Trend Micro Threat Roundup & 2009 Forecast.
Tue, 04/28/2009 - 21:16 — Igor Donchenko
Less than seven percent of emails that reached companies in the first quarter of 2009 were legitimate correspondence. Some 90.92% of messages were spam, while 1.66% were infected with some type of malware.
Thu, 04/16/2009 - 20:43 — Igor Donchenko
PandaLabs, Panda Security’s malware detection and analysis laboratory, has detected a black hat SEO (Search Engine Optimization) attack using the name of the Ford car manufacturer as bait to distribute malware on the Internet. Specifically, PandaLabs has discovered 1.2 malicious results in searches related to the Ford Motor Co. which point to these malicious pages. The malware is distributed as follows: when users searching for information about Ford click one of the malicious results, they are taken to a Web page where it appears that they are about to see a video.
Wed, 04/15/2009 - 15:16 — Igor Donchenko
PandaLabs, Panda Security’s malware detection and analysis laboratory, has detected a new malicious code, Banker.LSL, which uses the proximity of the Easter holidays to trick users with a YouTube religious video in Portuguese
Wed, 04/15/2009 - 14:02 — Igor Donchenko
PandaLabs, Panda Security’s malware detection and analysis laboratory, has presented its malware report for the first quarter of 2009. According to the report, Trojans have accounted for 73% of all new malware created during this period. Nevertheless, one of the main trends identified in the report is the growth of spyware, which rose from 2.5% in the previous quarter to 13.15% in the first three months of the year.
Fri, 04/10/2009 - 09:28 — Igor Donchenko
Doctor Web informs the Internet community about an epidemic of several modifications of Trojan.Blackmailer that started at the end of March 2009. Since March 31, Doctor Web virus analysts have been registering an increased number of detections of Trojan.Blackmailer. The figures suggest that the number of infected machines may reach several million. Definitions of new modifications of Trojan.Blackmailer have been promptly added to the Dr.Web virus database as they appeared since the epidemic started. Users of Dr.Web anti-viruses are now protected from all variations of the Trojan.