At Halloween, monsters are not all costume-clad children knocking on your door. Or colleagues at the after-work party. Or even just confined to silver screen blockbusters. Malware Monsters can also creep silently into yours and your clients’ IT systems.
Once they’re through the digital door, they can wreak havoc – stealing sensitive data, stealthily adding computers to a botnet, or tracking your every move online.
We’ve looked through our malware ‘Top Detections List’ to identify the most common malware monsters out there today. Here are seven you’ll want to ensure you’re protected from this October 31st.
- BrowseFox.BU
- Agent.PJT
- Gen:Variant.Adware.BrowseFox.10
- Gen:Variant.Adware.Graftor.201006
- HTML.Ramnit.A
- CVE-2010-2568.Gen
- Sality.3
So what do these malware do?
Adware or Potentially unwanted Program (PUP)
The primary function of these types of applications is to make revenue through advertising. Usually they come bundled in different software that poses as freeware.
Although at first it appears to be harmless, many ads which adware serves can lead to websites, which will download malware and compromise the computer.
Functionality:
- Hijacks the browser’s search engine and replaces it with its own search engine.
- Injects ads in the browser regardless of the webpage visited.
- Tracks the user’s online activity and serves ads that most of the time will lead to malware.
- It is developed to be hard to remove from a system.
- Data collected by adware can be sold to third parties without any legal consequences, due to terms accepted when installing a freeware application.
What is the business impact for you or your clients?
Computers infected with this type of malware could display unexpected behavior, such as linking to malicious websites that pose an even worse threat towards your IT infrastructure.
If the adware causes an additional load, performance of IT systems could significantly decrease, effectively slowing down operational speed and work efficiency.
Trojans (Exploit.CVE-2010-2568.Gen, Trojan.HTML.Ramnit.A)
A program that appears to be legitimate, but in fact does something malicious. It will perform the following actions: Download other malware, steal Private Information (passwords, credit card info), modify/delete files, crash the system, send out attacks (DoS, spam), keystroke logging, create backdoors for remote access.
The two Trojans we have in our monster list are particularly crafty as they take advantage of the latest security exploits in order to avoid detection and to infect computers.
Functionality:
- Activates unwanted access for the attacker to the compromised computer.
- Monitors visited websites and performs man-in-the-middle attacks on certain websites.
- They are being used to create a botnet out of the infected computer. Botnets are being used to create DDOS attacks. Black hat hackers are selling nowadays Botnets or on demand, DDOS attacks to anyone interested.
- Steals cookies to hijack online sessions for banking and social media websites.
- Opens a gateway to other malware to be downloaded when needed.
What is the business impact for you or your clients?
Trojans open a backdoor that remains unlocked, granting unwanted access to anyone using this exploit.
This exposes the infected computer to all kinds of options such as copying sensitive files, etc.
Virus (Win32.Sality.3)
This is a self-replicating program that spreads by inserting copies of itself into other executable code or documents.
The target for this monster is Windows executable files with the extensions .EXE or .SCR. Also it has a polymorphic component which allows it to mutate after each infection thus making it hard to detect and remove without proper anti-malware protection.
Viruses are usually created with specific targets in mind and they spread though the network, USB drives, e-mail attachments.
Functionality:
- Makes sure that it will not be deleted by terminating Antivirus processes, stops security updates, blocks websites to Antivirus companies and injects in legitimate processes.
- Collects data using a key-logger component and sends it to predefined e-mail addresses
- Some variants can create P2P networks with each other thus making sure that if removed it can be installed again from another affected computer.
- Most of the time it is being used to create Botnets for DDOS attacks or Anonymous proxy servers, which can be sold to hackers.
What is the business impact for you or your clients?
A virus could result in total meltdown of the infected devices.
As the name implies, viruses can spread quickly inside a network by copying themselves multiple times or even sending themselves to contacts via email.
Here’s a Halloween treat
The pattern is clear in our top detections list. Malware is being used to generate more profit than ever.
Previously malware was used to compromise a system – and now it is used in combination with clever marketing techniques and development skills to fly under the radar and generate the highest revenue possible.
As a Halloween treat – how would you like to have peace of mind in as little as 5 minutes time?
Protect your clients’ IT infrastructure from all of these malware monsters, and more, with ITbrain Anti-Malware.
ITbrain is integrated in TeamViewer. Test ITbrain Anti-Malware for free and keep your computers clean and safe at all times.
