2006: The Latest Security Threats
With the start of the new year, hope for better times brings with
it the doom of newer, fresher, more intelligent and more aggressive
security threats that will compromise your data and computer
performance. Following up on last month's theme, this article
presents the latest security and performance threats and how
they will affect you if you don't get the necessary protection.
Just last month alone, about 30% of computers
around the world were infected with a virus or some sort of
malware.
The table below was taken from McAfee
and records the number of infected computers all over the world
for each of the viruses listed on the left-hand side, and the
% of total computers scanned online at McAfee.

As you can see, 8 in every 100 computers scanned
were in fact infected with at least one virus. How many people
had more than one? Well, according to Panda
Software, last month 30% of computers all over the world
were infected by a virus or by some sort of
malware.
The areas of highest concentration of the threats
registered are in North and South America and continental Europe,
or the areas of greatest PC penetration.
The following is a summary from
Panda about the latest active viruses, hoaxes and spyware. To
learn more about viruses, hoaxes, spyware, adware and a host
of other malware, read On
the Origin and Evolution of Computer Viruses.
Top Five Active Viruses

Sdbot.ftp
This is a variant of the Sdbot worm that spreads via the Internet
by attacking random IP addresses. These variants will attempt
to exploit several vulnerabilities in the Windows OS. If they
succeed in doing so, they will create and run a script which
will download a worm via FTP to your computer. According to
Panda, Sdbot.ftp is difficult to recognize, as it does not display
any messages or warnings that indicate it has reached the computer.
Tearec.A
A worm that disables and terminates a number of antivirus programs,
if they are installed on the infected computer. It also tries
to delete files belonging to several programs, including peer-to-peer
file sharing programs and other Internet applications, which
would obviously stop such applications from working. It also
monitors network traffic of certain connections that are related
to anti-virus and email applications and may get passwords.
The virus spreads over email.
Netsky.P
Netsky.P is a worm that spreads via e-mail in a message and
through peer-to-peer (P2P) file sharing programs. It is automatically
activated when the e-mail message is viewed through Outlook's
Preview Pane since there is a vulnerability in Internet Explorer,
which allows e-mail attachments to be automatically run. Netsky.P
is difficult to recognize.
Metafile
Metafile is code specifically written to exploit a critical
vulnerability on Windows 2003/XP/2000 computers in the library
GDI32.DLL, which is used by the Windows Picture and Fax Viewer,
Internet Explorer and Outlook, among other applications. If
your computer is vulnerable, the code will be executed.
The vulnerability can be exploited by creating a specially crafted
WMF (Windows MetaFile) image and then distributing it using
any means: for example, hosting it in a web page and enticing
users into accessing it. At times, if the original extension
of the malicious WMF file is changed to the extension of other
typical image formats (BMP, DIB, EMF, GIF, ICO, JFIF, JPE, JPEG,
JPG, PNG, RLE, TIF or TIFF), the Windows vulnerability is still
exploitable.
If you have a Windows 2003/XP/2000 computer,
Panda Software recommends downloading and applying the security
patch for the Graphics Rendering Engine vulnerability,
which is included in security bulletin MS06-001.
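An added example, not part of the original article: because a renamed WMF file is still handled as WMF, a sweep of download or attachment folders has to identify the format from the file's leading bytes rather than its extension. The function names and sample bytes below are constructed for illustration; the header constants are the standard WMF header fields.

```python
import os
import struct

# Extensions the article names as still exploitable when a WMF file is renamed.
IMAGE_EXTS = {"bmp", "dib", "emf", "gif", "ico", "jfif", "jpe", "jpeg",
              "jpg", "png", "rle", "tif", "tiff"}
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7, optional "placeable" WMF prefix


def looks_like_wmf(data: bytes) -> bool:
    """True if the leading bytes match a WMF header, whatever the file is called."""
    if data[:4] == PLACEABLE_KEY:
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1=memory, 2=disk), header size in 16-bit words (9),
    # version (0x0100 or 0x0300), all little-endian.
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def is_disguised_wmf(name: str, data: bytes) -> bool:
    """WMF content behind one of the non-WMF image extensions listed above."""
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    return ext in IMAGE_EXTS and looks_like_wmf(data)


def scan(root: str) -> list:
    """Walk a directory (e.g. a download folder) and return mismatched files."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(32)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if is_disguised_wmf(name, head):
                hits.append(path)
    return sorted(hits)


# Constructed sample headers (no payload): an 18-byte WMF header, a PNG signature.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    print(is_disguised_wmf("holiday.jpg", SAMPLE_WMF))  # WMF bytes, .jpg name
    print(is_disguised_wmf("holiday.png", SAMPLE_PNG))  # genuine PNG signature
```

A hit only means the content and the extension disagree; it says nothing about whether the file is malicious, so treat matches as candidates for quarantine and review on systems that have not yet applied MS06-001.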
Sober.AH
Sober.AH is a worm spreading via email with English or German
text that ends several processes belonging to some security
tools. Sober.AH is easy to recognize once it has affected the
computer, as it displays a fake error.
Top Five Hoaxes

ICE Hoax
ICE hoax is not a virus; it is a hoax. A hoax
is a trick message that would warn you of a virus that may not
exist. The ICE hoax is usually an email message, whose content
warns of malicious uses that are related to the ICE (In Case
of Emergency) contact. ICE is an initiative to get in touch
with the relatives of possible victims involved in accidents,
catastrophes or similar situations. The aim of ICE hoax is to
cause alarm and get users to forward the message. To avoid problems,
ignore the information, because it is completely false and you
should also immediately delete the message, without forwarding
it to anyone.
Hoax/Tsunami in South Asia
Tsunami is a hoax that tries to
get well-meaning users to forward the message to as many people
as possible. The e-mail message deals with the tsunamis that occurred
in South Asia in December 2004 and caused a humanitarian
disaster. Tsunami appears to be a perfectly normal email but
is recognizable by its content, which always refers to the tsunamis
that occurred in South Asia in December 2004, and asks recipients
to forward the message to others.
Athens 2004
Athens2004 is a hoax, usually an e-mail message, that tricks users
into thinking that a new virus is spreading via an e-mail message
with the attachment ULTIMAS DE ATENAS.COM. This virus does not
exist. To avoid problems, ignore the information, because it
is completely false and you should also immediately delete the
message, without forwarding it to anyone.
Llamadas Perdidas
Llamadas Perdidas is another hoax:
an e-mail message that warns that several telecommunications
companies are about to charge lost calls made to cellphones.
Llamadas Perdidas arrives in an apparently normal e-mail message,
which can nevertheless be identified by its content. The message text
always warns users that several telecommunications companies
are about to charge lost calls made to cellphones. To avoid
problems, ignore the information, because it is completely false
and you should also immediately delete the message, without
forwarding it to anyone.
Frog and Fish Warnings
Frog and Fish warnings is an e-mail message that
tricks users into thinking that two jokes referring to a frog
(BLENDER.EXE) and a fish (FISH.EXE) are actually viruses. To
avoid problems, ignore the information, because it is completely
false and you should also immediately delete the message, without
forwarding it to anyone.
Top Five Adware and Spyware

Gator
Gator is adware - it displays
advertisements it downloads through port 80.
WUpd
WUpd is an adware type program,
which offers users an application in exchange for viewing a
series of advertisements. WUpd stores information on the Internet
usage habits of the affected user and displays pop-up advertisements
based on this data.
Secure32
Secure32 is adware.
nCase
nCase is an adware type program
which is executed in the background and displays information,
offers and products according to keywords previously entered
by the user while surfing the Internet. nCase also downloads
and displays advertisements based on the user's Internet usage
habits. In addition, nCase modifies the browser Internet Explorer
homepage as well as some of its search options.
New.net
New.net is a spyware program,
which is usually included in applications that can be downloaded
from the Internet. New.net adds a toolbar to the Internet Explorer
browser. New.net is easy to recognize, as it adds a toolbar
to the Internet Explorer browser.
Keep protected! For more information
on viruses read On
the Origin and Evolution of Computer Viruses and visit Panda
Anti-Virus.