
Conficker re-emerging says Sunbelt

CIOL Bureau




CLEARWATER, USA: Sunbelt Software, a provider of security software, has announced the top 10 most prevalent malware threats for the month of June 2010. The report, compiled from monthly scans performed by Sunbelt Software's award-winning anti-malware solution, VIPRE Antivirus, and its antispyware tool, CounterSpy, is a service of SunbeltLabs.

Most significant in June was a surge in detections of Trojan-Spy.Win32.Zbot.gen, a growing family of password-stealing Trojan horse programs, which moved up from fifth place in May to second in June as a result.

Sunbelt Software's ThreatNet statistics also revealed the re-emergence of the high-profile Conficker worm, in the form of the variant Downadup. Like the original Conficker strain, Downadup spreads across a network by taking advantage of a vulnerability in the Windows Server service which allows remote code execution when file sharing is enabled. This particular variant of Downadup also spreads through removable drives and takes advantage of weak administrator passwords to turn off some system services and anti-malcode protection.


New entries in the top 10 in June were:

Packed.Win32.Tdss.q (v) (TDSS Rootkit)

Trojan.ASF.Wimad (v) (Redirects browsers to a malware-infected web site)


Worm.Win32.Downad.Gen (v) (A variation of the Conficker worm)

Trojan.ASF.Wimad (v) is a VIPRE detection for a group of Trojanized Windows media files which, when opened with Windows Media Player, redirect the victim's browser to a web site to download malicious files. They have been used to download a variety of malware. The growth in these detections in the month of June is largely due to increased activity around video downloads associated with the FIFA World Cup, which began on June 11.



Trojan.Win32.Generic!BT, a generic detection for Trojans, continued to dominate the top 10 and accounted for over a quarter (27.16 per cent) of all detections, down a fraction on the previous month. It is a detection that includes many downloaders associated with scareware or rogue security products.

Seven of the top 10 detections found also featured in May, while six of the top 10 were Trojan horse programs, highlighting a small decrease in the number of different types of Trojans being detected in volume. However, Trojans are still highly active, as illustrated by the growth in Trojan-Spy.Win32.Zbot.gen.

INF.Autorun (v), Trojan.Win32.Generic.pak!cobra and BehavesLike.Win32.Malware (v) also recorded significant month-on-month rises in percentage of detections.

"Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back," said Sunbelt Software research centre manager Tom Kelchner.
