Chronicle of malware detected in the first half of 2006

Although there were no significant epidemics during the first six months of 2006, an extraordinary number of new malicious codes have emerged. This situation responds to the new malware dynamic, in which the main objective is financial gain. Cyber-criminals try to install their creations hidden on systems, so as not to arouse suspicion from users and IT security companies. However, it is precisely because of this new strategy that a large number of new malicious codes are released every day, above all, malicious codes that are ideal for returning financial gain, such as spyware, bots and keylogger Trojans.

However, among the new malware specimens that appeared, some stand out not for their capacity to spread or steal bank details, but more as anecdotes. So, based on certain more or less intriguing characteristics, Panda Software has drawn up the following ranking of the malware that emerged during the first half of 2006:

РThe sexiest. Without a doubt, this award goes to the Tearec.A worm, better known as Kamasutra. This worm spread through email messages with explicit texts like Sex or Sex videos. However, instead of showing videos or risqu̩ images, on the third day of each month, this worm overwrote all the files with certain extensions that it found on the affected computer.

– The most methodical. It is true that the majority of the variants of Bagle can disable the security applications running on the computers they infect, but Bagle.IB goes even further, as it disables up to 525 different processes. Nobody can say that it is not meticulous, but another issue is the state in which the computer is left after receiving this unwanted visitor.

– The most schizophrenic. This title rightly goes to Biwili.A. This malicious code can infect both Windows and Linux platforms. What we don’t know is whether the appearance of this worm comes from its indecisive author not knowing which platform to infect or a malicious intention to do twice the damage.

– The most terrifying. BlackAngel.B shows a true horror movie style image, which is accompanied by messages in Spanish like: “En el 1er d?­a te espantas, en el 2? te desesperas, en el 3? buscas ayuda y en el 4? mueres.” (On the 1st day you will be scared, on the 2nd you will be desperate, on the 3rd you will look for help and on the 4th you die). But what could really “die” was the computer, as this worm deleted essential keys from the Windows Registry.

– The lustiest. In this category, we have to mention the spyware program PornMagPass, which although it promised free access details for pornographic websites, actually dropped malicious programs on the system.

– The most sporty. Two malicious codes are neck-in-neck for this award. The first is Sixem.A, which supposedly offered photos related to the FIFA World Cup 2006, Germany, and the second is Bagle.GZ, which used email messages referring to the Winter Games in Turin.

– The most complex. This “accolade” goes to the Detnat.A virus, which used polymorphic encryption to hide its code and impede detection. Fortunately, its author worked for nothing, as there is not antivirus program worth its salt that could not detect and eliminate it.

– The most innovative. Without fear of being wrong, in this category we can nominate Leap.A, Inqtana.A and Oomp.A, which were the first malicious codes designed to infect MAC OS X.

– The nature lover. Nobody questions the beauty of the Snowy owl, a member of this family of birds of prey, but the annoying habit of Hoots.A to send images of this bird to every network printer it came across seems an excessive way to show its love of nature.

– The most versatile. The winner in this category is Cxover.A, a malicious code that could jump from computer to PDA when they were connected.

– The most studious. In this case, the “honor” does not go to the malicious code PGPCoder.D, but to its author, who studied RSA encryption (asymmetric key) to incorporate it instead of the symmetric key used in earlier versions.

– The sharpest. This title goes to Clickbot.A, which automatically clicks on pay-per-click advertisements, earning (albeit fraudulently) an extra income.

Share this