Top 10 malware of the week

According to data gathered at the Infected or Not website the NaviPromo adware has been the most active malicious code this week. Adware occupies nine spots in the top ten most prevalent malicious codes this week. The only exception is the Virtumonde spyware, which takes second place.

As for the thousands of new codes that have appeared this week, the PandaLabs report looks at the Keylogger.DB, Banker.KTG and MonaRona.A Trojans and the FakeDeath.A worm.

Keylogger.DB exploits a vulnerability recently discovered by PandaLabs in Access, Microsoft’s Access database application. This Trojan is designed to capture key strokes so that it can get any information entered by the user on web pages.

The Banker.KTG Trojan spreads by using social engineering techniques. In this case, the bait is a link to a video that users receive via email. If the user tries to play the video, a message is displayed informing them that they need to download a video codec to view it. However if they do it, they will actually be downloading a copy of the Nabload.DCH Trojan onto their computer.

Banker.KTG is designed to steal information entered through virtual keyboards, one the security measures implemented by many online banks.

This Trojan spreads in a similar way to Orkut.AT, a Trojan recently detected by PandaLabs which uses the Orkut social network to reach victims. The MonaRona.A Trojan also uses social engineering techniques to spread, in this case, by offering users the possibility of downloading the Unigray application.

Once it has reached the computer, the Trojan displays a warning message identifying itself as a virus that has been created to protest against human right violation. This malware has been designed to carry out malicious actions like disabling the Task Manager or end processes belonging to certain applications.

Finally, PandaLabs has detected a number of junk emails announcing Fidel Castro’s death which have been used to distribute the FakeDeath.A worm. This emails contain a link to a video. If the user clicks the link, they will become infected. To trick them, the malicious code displays a false story announcing Castro’s death.

The worm downloads multiple copies of itself to P2P application shared folders and creates a key in the Registry Windows to ensure it is run every time the system is started up.

Share this