BitDefender’s top 10 e-threats for August

Worms continue to dominate BitDefender’s Top Ten E-Threats for August, with Trojan.Clicker.CM holding the number one spot with 14 percent of the total amount of infections. It is also becoming increasingly present on “warez” websites.

Ranking second on the list, Trojan.AutorunINF.Gen is accountable for 10 percent of the total number of infections globally. The Windows Autorun feature is used by multiple families of malware in order to propagate via removable media.

Trojan.Wimad.Gen.1 ranks third with 6 percent of the total number of worldwide infections. The Trojan affects ASF files with their ability to automatically download the appropriate video codec if it is missing from the system. Malware authors usually hijack the original specifications to force the file into downloading a malicious binary instead.

After more than 8 months since it first entered the list, Win32.Worm.Downadup ranks fourth with 4 percent of the total amount of infected machines. Also known as Conficker or Kido, the worm restricts access to the websites associated with IT security vendors.

Ranking fifth in this month’s Top Ten E-threats, Win32.Sality.OG is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries.) In order to hide its presence on the infected machine, it deploys a rootkit and attempts to kill antivirus applications installed locally.

Sixth place is taken by Win32.Induc.A, a piece of malware, seen less often, infecting applications built with Borland (now Embarcadero) Delphi versions 4 through 7. The virus does not infect binary file, but rather modifies the SYSCONST.PAS file, injects its malicious code and then compiles the file back. All the applications built with the compromised compiler would be infected with the virus. Win32.Induc.A has no malicious payload, but its abrupt escalation in the Top Ten list shows that only few Delphi developers are aware of the widespread infection.

Trojan.Autorun.AET, in the seventh slot, is a piece of malware that spreads through the Windows shared folders, as well as via removable media (network attached storage devices or mapped drives). The Trojan exploits the Autorun feature implemented in Windows operating systems to automatically execute itself when an infected device is being plugged in.

Ranking eight in this month’s Top Ten E-threats, Trojan. JS.PYV is a malicious script affecting users who are browsing malicious websites or legitimate websites which were compromised by attackers.

The ninth place in the BitDefender’s list is taken by Win32.Virtob.Gen is a file infector written in assembly language. The piece of malware hides its presence by injecting hooks into other Windows processes, but avoids compromising system files. It also opens a backdoor that can be exploited by a remote attacker to seize control over the infected machine.

In tenth, Worm.Autorun.VHG is an Internet/network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The increasing presence of the worm in BitDefender’s Top Ten E-threats reveals that users are still ignoring Microsoft’s security advisories and avoid deploying security patches.