Fortinet Investigates a New SMS Mobile Worm: Yxes.A

The FortiGuard Global Security Research Team has investigated the case of a new mobile worm resorting to a breakthrough propagation strategy, which leverages SMS messages and Internet access.

Six percent of computers scanned by Panda Security are infected by the Conficker worm

The number of computers infected by the Conficker worm continues to grow, according to data from PandaLabs. A study carried out by PandaLabs revealed that almost 6 percent (5.77%) of computers worldwide are infected by this worm. The study -involving almost 2 million computers- show that the infection, which originated in China, has now extended across 83 countries, and is particularly virulent in Spain, the USA, Taiwan, Brazil and Mexico.

BitDefender Warns Valentines Day Lovers

BitDefender Lab is cautioning users to be on the lookout for Valentine’s Day-themed messages and urges users against opening suspicious emails from unknown senders.

January Top 10 malware activity from Fortinet

Top 10 malware activity by individual variant. Percentage indicates the portion of activity the malware variant accounted for out of all malware threats reported in this edition. Top 100 shifts indicate positional changes compared to last edition's Top 100 ranking, with "new" highlighting the malware's debut in the Top 100.
Rank Malware Variant Percentage Top 100 Shift
1 Spy/OnLineGames 8.8 +2
2 W32/Netsky!similar 8.2 -
3 W32/Virut.A 7.4 +3
4 HTML/Iframe.DN!tr.dldr 7.1 +1
5 HTML/Iframe_CID!exploit 6.9 -1
6 W32/Dropper.VEM!tr 5.4 +94
7 W32/MyTob.BH.fam@mm 3.7 +3
8 W32/Small.AACQ!tr.dldr 2.6 -1
9 W32/MyTob.AQ@mm 2.1 +6
10 W32/Basine.C!tr.dldr 1.9 -2

January virus activity review from Doctor Web

Doctor Web presents the virus activity review for January 2009. The first month of 2009 went rather smoothly except for the outbreak of Win32.HLLW.Shadow.based. It didn’t see mass mailings spreading malicious code in attachments or directing users to bogus web-sites. However, fraudulent SMS, fake anti-viruses, new Trojans turning user machines into botnet zombies as well as phishing attacks were registered every now and then.

Win32.HLLW.Shadow.based (Net-Worm.Win32.Kido, W32.Downadup, Worm:Win32/Conficker)

Monthly Malware Statistics from Kaspersky Lab: January 2009

Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout January 2009.

The first Top Twenty is based on data collected by Kaspersky Lab’s 2009 antivirus product and gives details of malicious, advertising, and potentially unwanted programs detected on users' computers.
Position Change in position Name
1 0 Virus.Win32.Sality.aa
2 0 Packed.Win32.Krap.b
3 1 Worm.Win32.AutoRun.dui
4 -1 Trojan-Downloader.Win32.VB.eql
5 3 Trojan.Win32.Autoit.ci
6 0 Trojan-Downloader.WMA.GetCodec.c
7 2 Packed.Win32.Black.a
8 -1 Virus.Win32.Alman.b
9 5 Trojan.Win32.Obfuscated.gen
10 10 Trojan-Downloader.WMA.GetCodec.r
11 New Exploit.JS.Agent.aak
12 -1 Worm.Win32.Mabezat.b
13 -3 Worm.Win32.AutoIt.ar
14 1 Email-Worm.Win32.Brontok.q
15 New Virus.Win32.Sality.z
16 New Net-Worm.Win32.Kido.ih
17 Return Trojan-Downloader.WMA.Wimad.n
18 -2 Virus.Win32.VB.bu
19 -2 Trojan.Win32.Agent.abt
20 New Worm.Win32.AutoRun.vnq

There were no major changes to the composition of the first Top Twenty during the first month of 2009. Exploit.JS.Agent.aak took the place of Trojan.HTML.Agent.ai and Trojan-Downloader.JS.Agent.czm which appeared in the December ratings. The AutoRun.eee worm, which has vanished from this month’s Top Twenty, has now been replaced by Worm.Win32.AutoRun.vnq. This is not surprising, as frequent new modifications are characteristic of these types of malicious program.

Win32.HLLW.Shadow.based exploits vulnerability of Windows

Doctor Web notifies users of the Win32.HLLW.Shadow.based worm spreading over the Internet. There are several ways for the worm to get into a system. One of them is to exploit vulnerabilities found in all versions of Windows starting with Windows 2000 and up to Windows 7. Win32.HLLW.Shadow.basedalso features a polymorphic packer and therefore is very hard to analyze.

Spreading

BitDefender Reports Older, Known Worm Causing New Outbreaks

Win32.Worm.Downadup, a worm which spreads by exploiting a vulnerability in the Windows RPC Server Service, has been detected by BitDefender®. The Downloadup worm (also called Conficker or Kido) itself is nothing new. It made its first appearance late November 2008, exploiting the MS08-067 vulnerability to spread unhindered in local area networks. Its purpose was to install rogue security software on infected computers.

December virus activity review from Doctor Web

Doctor Web presents the virus activity review for December 2008. The last month of the passed year confirmed forecasts of the annual review. In particular it saw an increase of e-mails spreading malware as well as a rising number of phishing attacks.

Twitter 'Direct Messages' pushes to adware site

The Fortinet Global Security Research Team has investigated a series of malicious Twitter direct messages that push users to a site offering potentially unwanted software in the form of free games. Malicious "Direct Messages" (aka DM) circulating on Twitter leading unsuspecting users to a site offering potentially unwanted software in the form of free games.

The malicious messages "spamvertise" iPhone-related websites:

Wanna win the new iPhone?
It's so easy and cool, I love this thing!

Visit: http://iphone[REMOVED].info

Syndicate content