May 20, 2015
The Top Ten Threats
Previous Ranking: 1
Percentage Detected: 3.57%
Win32/Adware.Multiplug is a Potentially Unwanted Application that, once it gets a foothold on the user's system, might cause applications to display pop-up advertising windows during internet browsing.
Previous Ranking: 2
Percentage Detected: 1.81%
Win32/Bundpil.A is a worm that spreads via removable media. The worm contains a URL from which it tries to download several files. The files are then executed, and HTTP is used for communication with the C&C to receive new commands. The worm may delete the following folders:
Previous Ranking: 7
Percentage Detected: 1.70%
Previous Ranking: 3
Percentage Detected: 1.67%
Win32/TrojanDownloader.Waski is a Trojan that uses HTTP to try to download other malware. It contains a list of two URLs and tries to download a file from the addresses. The file is stored in the location %temp%\miy.exe, and is then executed.
Previous Ranking: 6
Percentage Detected: 1.35%
LNK/Agent.AV is a link that concatenates commands to execute legitimate code while running the threat code in the background. It is similar in its effect to the older autorun.inf type of threat.
Previous Ranking: 4
Percentage Detected: 1.27%
Sality is a polymorphic file infector. When it is executed, registry keys related to security applications on the system are created or deleted, and keys are set to ensure that the malicious process restarts each time the operating system is rebooted.
It modifies EXE and SCR files and disables services and processes implemented by and associated with security solutions.
More information relating to a specific signature: http://www.eset.eu/encyclopaedia/sality_nar_virus__sality_aa_sality_am_sality_ah
Previous Ranking: 9
Percentage Detected: 1.20%
This is a file infector that executes every time the system starts. It infects .dll (dynamic link library) and .exe executable files and also searches .htm and .html files so as to insert malicious instructions into them. It exploits a vulnerability (CVE-2010-2568) found on the system that allows it to execute arbitrary code. It can be controlled remotely to capture screenshots, send information it has gathered, download files from a remote computer and/or the Internet, and run executable files or shut down/restart the computer.
Previous Ranking: N/A
Percentage Detected: 1.19%
Generic detection of HTML web pages containing obfuscated scripts or iframe tags that automatically redirect to the malware download.
Previous Ranking: N/A
Percentage Detected: 1.17%
Win32/Adware.ConvertAd is adware used for delivery of unsolicited advertisements. The adware is usually a part of other malware.
Previous Ranking: 5
Percentage Detected: 1.14%
HTML/Refresh is a Trojan that redirects the browser to a specific URL location with malicious software. The program code of the malware is usually embedded in HTML pages.