
Malware Miscellany, September 2009

After a lengthy interlude, we're renewing our monthly malware almanac by popular demand. We've made quite a few changes to it, hopefully for the better - we’ll let you be the judge of that.

Category Name
Top 3 countries for malicious URLs

Canada takes first place, hosting more than 21% of the world’s malicious URLs. The US is second with 16%, followed by China with 15%.
 

Top 3 countries hosting sites which spread malware

China claims first place, hosting 26% of all malicious sites globally.
The US comes second with 18%, and Russia is third with 12%.

 

Malicious site which affects the biggest number of Internet users

www.langlangdor.com accounted for 1.62% of all online infections globally. This is a porn site located in China. Porn always attracts a lot of visitors, and it's no secret that it's often used by cybercriminals to spread malicious or suspicious content. There've been attempts (which were blocked) to spread a wide variety of Trojans from this site – most of them are Trojan-Downloader.Win32.Agent and Trojan.Win32.StartPage variants.
 

Site spreading the biggest number of unique malicious programs

 1142 unique malicious programs were spread from www.gddsz.store.qq.com. The programs vary widely, and cover virtually all the different types of malware behavior in Kaspersky Lab's classification.
 

Biggest malicious program

In September, this category was led by Trojan.Win32.Chifrax.d at 388 MB. There are numerous modifications of this Trojan, all larger than 300 MB. Trojan.Win32.Chifrax.d is the name used to detect CAB archives which have been specially modified by virus writers in order to evade antivirus solutions.
 

Smallest malicious program

Trojan.BAT.Shutdown.ab is a mere 30 bytes. It’s part of another Trojan that uses it to shut down the victim computer without asking the user’s consent.
 

Most widespread vulnerability on users’ computers

In late July, Adobe Flash Players 9 and 10 were found to have multiple vulnerabilities that can be exploited by cybercriminals to gain access to a system, run arbitrary code, gain access to confidential data or bypass security systems. More information about the vulnerabilities and how to fix them can be found at: www.viruslist.com/en/advisories/35948




 

Most common exploit

Exploit.JS.DirektShow: in combination with Exploit.Win32.DirektShow, this malware family exploits a critical vulnerability in Internet Explorer 6.0 and 7.0 and has recently become extremely widespread on the Internet.
 

Most widespread malware on the Internet

In just a month, Packed.Win32.TDSS.z tried to penetrate computers in 108 countries around the world.
 

Worst joke (hoax programs that scare or annoy users but don’t have a clearly malicious payload)

Hoax.JS.Agent.c displays an obscene video clip and bombards victims with offensive messages which can't be stopped.

Dmitry Vilkov

