The latest threats and how to protect against them

AutoInf

AutoInf is a component used by many malware families, notably Conficker, Sality and AutoRun. AutoInf is used to automatically run associated malware from removable media such as USB drives.

Autorun

Autorun is a family of worms and viruses for the Windows platform. The family gets its name from its use of the USB autorun functionality to automatically execute when an infected USB device is connected to a PC. The members of the Autorun family also use other methods of spread including file infection and traversing network shares.

Conficker

Conficker is a worm for the Windows platform. It first appeared in late 2008 and is now the most commonly seen malware worldwide. Conficker’s success is due to the multiple methods it uses to spread, exploiting an operating system vulnerability (now patched), weak passwords and removable storage devices.

Fake Antivirus

Fake antivirus software is a scam commonly used by malicious software creators in order to sell fake security software to unwitting victims. The scam will typically involve a webpage or pop-up that informs the user they have viruses or other malware on their computer, even though they do not. It then offers to clean the infection. When the user opts to clean up they are required to pay to obtain a version of the fake software the will perform the cleanup. After the victim pays the software may or may not cease the fake warnings.

Iframe

Iframe malware usually consists of a small addition to a legitimate webpage. The addition is usually invisible to the normal user of the page in that it does not affect the visual appearance of layout of the modified webpage. Malicious iframes usually cause the web browser to load additional, malicious content. As such they are used as the first step in the delivery chain for many different types of malware.

Sality

Sality is a family of file infecting viruses for the Windows platform. It first appeared in 2003 and has been in development ever since. In addition to infecting other files the members of the Sality family can also spread by copying themselves to removable storage devices and accessible network shares.

Zero Access Rootkit (ZAccess)

Zero Access is a family of rootkits and backdoors. It uses rootkit techniques to hide from security software while allowing remote attackers to control infected computers. Zero Access is commonly used to redirect a user’s web traffic.

Zeus

Zeus (also known as Zbot) is a widespread Trojan whose primary purpose is to steal information, usually financial data such as credentials for online banking. Zeus is also the name of the toolkit used to create these information stealing Trojans. The kit can be purchased on underground forums, enabling less technically able criminals to take advantage of the capabilities of Zeus.

Leave a Reply