November 13, 2014 Leave a comment
The Top Ten Threats
Previous Ranking: 1
Percentage Detected: 3.66%
HTML/Refresh is a Trojan that redirects the browser to a specific URL location with malicious software. The program code of the malware is usually embedded in HTML pages.
Previous Ranking: 2
Percentage Detected: 2.24%
Win32/Bundpil.A is a worm that spreads via removable media. The worm contains an URL address from which it tries to download several files. The files are then executed and HTTP protocol is used for comunication with the C&C to receive new commands. The worm may delete the following folders:
Previous Ranking: 3
Percentage Detected: 2.17%
Previous Ranking: 5
Percentage Detected: 1.49%
Win32/RiskWare.NetFilter is an application that includes malicious code designed to force infected computers to allow an attacker to remotely connect to the infected system and control it, in order to steal sensitive information or install other malware.
Previous Ranking: 4
Percentage Detected: 1.47%
Win32/Adware.Multiplug is a Possible Unwanted Application that once it’s present into the users system might cause applications to displays advertising popup windows during internet browsing.
Previous Ranking: n/a
Percentage Detected: 1.45%
Generic detection of HTML web pages containing script obfuscated or iframe tags that that automatically redirect to the malware download.
Previous Ranking: 6
Percentage Detected: 1.40%
LNK/Agent.AK is a link that concatenates commands to execute legitimate code while running the threat code in the background. It is similar in its effect to the older autorun.inf type of threat. This vulnerability became known at the time of discovery of Stuxnet, as it was one of four vulnerabilities that were executed by Stuxnet variants.
Previous Ranking: 7
Percentage Detected: 1.34%
Sality is a polymorphic file infector. When executed it starts a service and created/deleted registry keys related to security applications activite in the system and to ensure that the malicious process restarts at each reboot of operating system. It modifies EXE and SCR files and disables services and processes implemented by and associated with security solutions.
More information relating to a specific signature: http://www.eset.eu/encyclopaedia/sality_nar_virus__sality_aa_sality_am_sality_ah
Previous Ranking: 8
Percentage Detected: 1.24%
Type of infiltration: Virus
HTML/Iframe.B is generic detection of malicious IFRAME tags embedded in HTML pages, which redirect the browser to a specific URL location with malicious software.
Previous Ranking: 10
Percentage Detected: 1.22%
INF/Autorun is a generic detection of versions of the autorun.inf configuration file created by malware. The malicious AUTORUN.INF file contains the path to the malware executable. This file is usually dropped into the root folder of all the available drives in an attempt to autorun a malware executable when the infected drive is mounted. The AUTORUN.INF file(s) may have the System (S) and Hidden (H) attributes present in an attempt to hide the file from Windows Explorer.