
Friday, February 29, 2008

Top 10 most prevalent global malware!!

1. TROJ_GENERIC

Malware Type: Trojan
This is the Trend Micro generic detection for low-threat Trojans. It also installs itself as a browser helper object (BHO) by creating certain registry keys.

2. WORM_NUWAR.CQ

Malware Type: Worm
This worm arrives as an attachment to mass-mailed email messages. It spreads by attaching a copy of itself to an email message, which it sends using its own Simple Mail Transfer Protocol (SMTP) engine. Having its own SMTP engine allows it to send messages without using any mailing application, such as MS Outlook.

3. WORM_NYXEM.E

Malware Type: Worm
This worm propagates by attaching copies of itself to email messages that it sends to target addresses, using its own SMTP engine. Through this SMTP engine, it is able to easily send the email message without using other mailing applications, such as Microsoft Outlook.

4. WORM_NETSKY.DAM

Malware Type: Worm
This is Trend Micro's detection for the damaged samples of WORM_NETSKY variants. It runs on Windows 95, 98, ME, NT, 2000 and XP.

5. HTML_NETSKY.P

Malware Type: HTML
This HTML malware arrives as an email with an executable file attachment that is detected by Trend Micro as WORM_NETSKY.P. It exploits a known vulnerability in Internet Explorer versions 5.01 and 5.5 known as the Automatic Execution of Embedded MIME Type. This vulnerability causes Internet Explorer to automatically run executable file attachments in email messages.

6. TROJ_SMALL.EDW

Malware Type: Trojan
This Trojan arrives as a file dropped by other malware, such as WORM_NUWAR.CQ, or as a file downloaded unknowingly by a user when visiting malicious URLs. It may also arrive as a copy downloaded by earlier variants.

It is also spammed via email using subject lines related to specific events. The image below is a sample of the said email message.


7. WORM_RONTKBR.GEN

Malware Type: Worm
This is Trend Micro's detection for unknown and future variants of WORM_RONTOKBRO and WORM_BRONTOK malware programs. It serves as a proactive means of safeguarding against possible attacks of the aforementioned malware.

8. WORM_ANIG.A

Malware Type: Worm
This memory-resident worm propagates by dropping copies of itself in shared network drives. It steals login information and saves the obtained data in a file, which can be retrieved by a remote user. Its keylogger component substitutes the standard Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL) to carry out its information-stealing routine.

9. PE_PARITE.A

Malware Type: Worm
This file infector infects .EXE and .SCR files on an infected system and on remote network shares with read and write access. It makes use of port 30167 in order to access network shares. It stays in memory by injecting itself into EXPLORER.EXE, thus hiding its running process.

10. WORM_MOFEI.B

Malware Type: Worm
This destructive, memory-resident worm attempts to log on to remote machines using a list of user names. It then drops and executes a copy of itself on the remote machines. It has backdoor capabilities, and may execute commands coming from a remote malicious user. The said routine provides the remote user virtual control over the affected machine, thus compromising system security.
Source: Trend Micro
