Israel-based security firm Check Point Software Technologies has published its Threat Index report for June 2016, listing the ten most wanted malware families for the month. Conficker took the top spot, followed by Sality, which replaced Tinba, the second most active malware in May. The report named Hummingbad the third most wanted malware.
In this article we take you through each of the ten most wanted malware families in detail.
1. Conficker
Conficker has once again topped the list of the ten most wanted malware. First detected in November 2008, it is a computer worm that targets the Microsoft Windows operating system and is also known by several other names, including Downup, Downadup and Kido. It propagates by exploiting flaws in Windows and by performing dictionary attacks on administrator passwords, forming a botnet as it spreads. Countering it has remained difficult even now because of its combined use of many advanced techniques. It surpassed the infamous Welchia infection of 2003 to become the largest known computer worm infection, affecting millions of government, business and home computers in over 190 countries. Among its key features is its ability to disable Windows system security, thereby allowing remote operations and data theft. Infected machines are then controlled as a botnet, receiving instructions from a command and control server upon contact.
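The dictionary attack on administrator passwords described above leaves a recognisable trace in Windows logon auditing: a burst of failed logons (event 4625) for one account from one source, sometimes followed by a success (event 4624). The script below is an added example written for this article, not Check Point's or Microsoft's code; it runs over a constructed, syslog-style export of such events (the log format and hosts are assumptions, not a real log) and flags any source that reaches a threshold of failures within a time window, marking the alert as a likely compromise when a success follows the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed export format: one logon event per line, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) status=(?P<status>\S+)$"
)

# Constructed sample data: six failures for Administrator from one host in a few
# seconds, then a success; plus one ordinary user mistyping a password once.
SAMPLE_LOG = """\
2016-06-12T10:00:01 host=FILESRV01 event=4625 user=Administrator src=10.0.5.23 status=bad_password
2016-06-12T10:00:02 host=FILESRV01 event=4625 user=Administrator src=10.0.5.23 status=bad_password
2016-06-12T10:00:02 host=FILESRV01 event=4625 user=Administrator src=10.0.5.23 status=bad_password
2016-06-12T10:00:03 host=FILESRV01 event=4625 user=Administrator src=10.0.5.23 status=bad_password
2016-06-12T10:00:03 host=FILESRV01 event=4625 user=Administrator src=10.0.5.23 status=bad_password
2016-06-12T10:00:04 host=FILESRV01 event=4625 user=Administrator src=10.0.5.23 status=bad_password
2016-06-12T10:00:05 host=FILESRV01 event=4624 user=Administrator src=10.0.5.23 status=success
2016-06-12T10:07:30 host=FILESRV01 event=4625 user=jsmith src=10.0.7.8 status=bad_password
2016-06-12T10:07:41 host=FILESRV01 event=4624 user=jsmith src=10.0.7.8 status=success
"""


def parse_line(line):
    """Parse one export line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    rec["event"] = int(rec["event"])
    return rec


def find_password_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return one alert per (source, user) whose failed logons reach `threshold`
    inside any `window`; a success from the same source within `window` after the
    densest burst is reported as a likely compromise."""
    failures = defaultdict(list)   # (src, user) -> failure timestamps
    successes = defaultdict(list)  # (src, user) -> success timestamps
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["src"], rec["user"])
        if rec["event"] == 4625:
            failures[key].append(rec["ts"])
        elif rec["event"] == 4624:
            successes[key].append(rec["ts"])

    alerts = []
    for key, times in failures.items():
        times.sort()
        best, burst_end, start = 0, None, 0
        # Sliding window: the densest run of failures inside `window`.
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 > best:
                best, burst_end = end - start + 1, t
        if best < threshold:
            continue
        followed_by_success = any(
            timedelta(0) <= s - burst_end <= window for s in successes.get(key, [])
        )
        alerts.append({
            "src": key[0],
            "user": key[1],
            "failures": best,
            "likely_compromise": followed_by_success,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_password_guessing(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately low so the constructed sample trips them; on a real domain controller the figures should be tuned against the normal rate of mistyped passwords, and the per-(source, user) grouping is what separates a worm hammering one privileged account from many users each failing once.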
2. Sality
Sality has surprisingly replaced Tinba in the second spot on the list of the ten most wanted malware. First discovered in 2003, it is not an individual piece of malware but a classification for a family of malware that infects files on Microsoft Windows systems. Over the years it has evolved into a dynamic and enduring threat, which is what makes it so dangerous. Once infected by Sality, systems communicate over a peer-to-peer (P2P) network for purposes such as relaying spam, proxying communications, exfiltrating sensitive data and compromising web servers. In the last five years a few variants in this family have started using rootkit functions. Because of its continued advancement and increasing complexity and sophistication, Sality is considered one of the most formidable forms of malware to deal with.
3. Hummingbad
Hummingbad is a malware family that has emerged as one of the most persistent and obstinate threats to Android users. It is estimated to have infected around 85 million mobile devices to date. It works by establishing a persistent rootkit on the Android device, followed by the installation of fraudulent applications. It has also been shown to perform highly malicious activity such as installing a keylogger, through which it steals private data. A further cause for worry is that it can bypass encrypted email containers as well.
4. Zeus (Zbot)
Also known as Zbot, Zeus is a Trojan that infects various versions of Microsoft Windows. It is mostly used to steal banking information through malicious techniques such as man-in-the-browser attacks, keystroke logging and form grabbing. In addition, it has been used to install the infamous CryptoLocker ransomware. It was first identified in 2007, when it was used to steal information from the United States Department of Transportation. Spread mainly through drive-by downloads and phishing schemes, it gained notoriety for compromising over 75,000 FTP accounts at organisations including Bank of America, NASA, Monster.com, ABC, Oracle and Amazon.
First found in 2007, it affects systems running Microsoft Windows. It is essentially a botnet used for sending spam e-mails and for DDoS attacks. It is not a self-installing bot; it is installed on infected machines by a Trojan component called Pushdo. After installation, the bot connects directly to a remote server and receives instructions about the emails it should send. Once the task is completed, the bots connect to the spammer again and report the statistics of their operation.
First discovered in 2011, it is a Trojan horse that affects systems running the Microsoft Windows operating system. It uses a peer-to-peer (P2P) protocol to install other malware on the infected machine. It uses rootkit techniques to remain hidden on the system and is mostly involved in bitcoin mining and click fraud. It is estimated to have affected at least 9 million systems to date.
It is a worm that targets systems running a vulnerable version of the JBoss Application Server. It creates a malicious JSP page on vulnerable systems that executes arbitrary commands. Additionally, it creates a backdoor that connects to a remote IRC server and obtains commands.
8. Dorkbot
Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites and social media channels such as Facebook. According to the Check Point report, it is an IRC-based worm designed to allow remote code execution by its operator, as well as to download additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks.
Microsoft has previously also carried out an analysis of this malware. According to that analysis, Dorkbot enables a remote attacker to download and run a file from a specified URL. A system infected with Dorkbot may be used to send spam, participate in DDoS attacks or harvest user credentials for online services, including banking services. In 2015 the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month between May and December.
9. Tiny Banker Trojan
Tiny Banker Trojan, also called Tinba, is a malware program that targets the websites of financial institutions. In May it occupied second spot after Conficker on the list of the ten most wanted malware; in June, however, it is down at number 9. Tinba is a modified form of an older class of malware known as banker Trojans, yet it is much smaller in size and more powerful. It works through man-in-the-browser attacks and network sniffing. Since its discovery it has been found to have infected more than two dozen major banking institutions in the United States, including TD Bank, Chase, HSBC, Wells Fargo, PNC and Bank of America. It is designed to steal users' sensitive data, such as account login information and banking codes.
It is a notorious ransomware family. It works by encrypting non-binary user files such as text, documents, images and videos. It then displays a text file with instructions on how to decrypt the files, demanding payment for use of the decryption service. It is usually dropped by other malware already installed on the machine, or downloaded directly while browsing a malicious or compromised website.
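The two artefacts this ransomware leaves behind, user documents replaced by encrypted (high-entropy) content and a dropped text file with decryption instructions, can be checked for together. The script below is an added example written for this article, not code from Check Point or from any ransomware analysis; it measures the Shannon entropy of plain-text documents under a directory and looks for a note mentioning decryption or payment, reporting the tree as suspect only when both indicators are present. The directory layout, file names, note wording and the 7.0-bit entropy threshold are assumptions, and the sample tree is constructed in a temporary directory rather than taken from any real incident.

```python
import math
import random
import re
import tempfile
from pathlib import Path

# Plain-text formats only: real text sits around 4-5 bits/byte, encrypted output near 8.
# Compressed formats (JPEG, MP4, DOCX) are naturally high-entropy and need a different baseline.
DOC_EXTS = {".txt", ".csv", ".rtf", ".html"}
# Assumed vocabulary of a dropped instruction file.
NOTE_RE = re.compile(r"\b(decrypt|bitcoin|payment|ransom)\b", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input, up to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_tree(root, entropy_threshold=7.0):
    """Count plain-text documents whose content looks encrypted and find instruction notes."""
    root = Path(root)
    total = high = 0
    notes = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        data = p.read_bytes()
        if p.suffix.lower() == ".txt":
            try:
                text = data.decode("utf-8")
            except UnicodeDecodeError:
                text = ""          # encrypted content will not decode
            if NOTE_RE.search(text):
                notes.append(str(p.relative_to(root)))
                continue           # the note itself is not a user document
        if p.suffix.lower() in DOC_EXTS:
            total += 1
            if shannon_entropy(data) >= entropy_threshold:
                high += 1
    ratio = high / total if total else 0.0
    return {
        "documents": total,
        "high_entropy": high,
        "ratio": ratio,
        "notes": notes,
        # Both indicators are required: a note alone or noisy files alone is not enough.
        "suspect": bool(notes) and ratio >= 0.5,
    }


def build_sample_tree(infected: bool) -> str:
    """Create a throwaway directory of constructed files (not real user data) for the demo."""
    root = Path(tempfile.mkdtemp(prefix="rwscan_"))
    plain = ("Quarterly planning notes. Agenda, action items, attendees.\n" * 80).encode()
    (root / "todo.txt").write_bytes(plain)
    if not infected:
        (root / "minutes.txt").write_bytes(plain)
        return str(root)
    rng = random.Random(7)   # deterministic stand-in for ciphertext
    for name in ("budget.txt", "report.txt", "letter.txt"):
        (root / name).write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
    (root / "HOW_TO_RECOVER.txt").write_text(
        "All your files have been encrypted. To decrypt them, send payment to the "
        "address below.\n[placeholder address]\n"
    )
    return str(root)


if __name__ == "__main__":
    print(scan_tree(build_sample_tree(infected=True)))
    print(scan_tree(build_sample_tree(infected=False)))
```

Requiring both indicators keeps the false-positive rate down: a single high-entropy file is common (archives, keys, binaries with the wrong extension), and an ordinary memo can mention payment, but a tree where most plain-text documents have turned to noise alongside a file that talks about decrypting them is a strong signal worth a host-isolation decision.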