
The persistent threat of PC malware: Top Windows malware families of 2012

2012 has seen various malware threats and international cyberespionage tools evolve to new heights. However, the PC still remains the most accessible device for invading homes and planting malware.

The findings of the Annual Windows Malware report show that Windows remains the most targeted operating system worldwide, and that most major malware is written for this platform, thanks to its massive user base. Attackers use a range of social engineering tricks to get malware onto victims' machines, and 2012 saw a 170% rise in malware modifications and variations.

Furthermore, there was a 90% rise in Windows malware in 2012, and Trojans were the most common category, making up 68% of all samples. The main drivers were the exploitation of browser plug-ins such as Java, the widespread use of drive-by downloads, and active polymorphic attack techniques. Pirated software also carries an increased risk of carrying malware, and users should be extremely cautious about it.

2012 was a busy year for Windows-based malware: we received close to 38 million malware samples in this period, a number that cannot be taken lightly. November saw the most activity, with close to 5 million samples coming in, while February was the quietest month, with close to 2 million samples.

The most common form of malware was the Trojan, which accounted for 68% of the total. The next most common family, at 13% of samples, was the backdoor, which attempts to sneak in and take low-level control of infected machines. Viruses, adware and worms were the other notable malware families of 2012.

The Top 10 malware families
Here is a list of the top 10 malware families received during 2012.

Malware family: description

W32.Sality.U: This malware locates and deletes executable files with specific extensions. It also disables security software, steals cached passwords and logs keystrokes entered on the system. Once deployed, W32.Sality.U adds the machine to a P2P botnet and regularly receives additional malicious URLs. The original strain was discovered in 2006, but the 2012 version has evolved considerably since then.

W32.Virut.G: This backdoor virus opens a communication channel between an infected machine and the attacker over IRC (Internet Relay Chat). It infects executable files (.exe and .scr) and allows other malware to be installed later. It also spreads through USB Autorun, malicious HTML iframes and file sharing over networks.

Trojan.Starter.yy4: This variant of the Starter Trojan enters a system either when it is dropped by an earlier malware infection or when it is downloaded unknowingly. Its payloads arrive in corrupted downloads, pornographic images, email spam and corrupted video files. Once deployed, it also spreads across the infected machine's network.

W32.Autorun.Gen: Autorun worms are highly dangerous because they execute automatically when a USB drive or disc is inserted into a machine. This worm embeds itself in a drive's autorun.inf file, then steals cached passwords and installs a backdoor on the machine. Further malware can then be deployed through the backdoor it has opened.

TDSS/Alureon: Known by many names, Alureon takes low-level control of the machine during boot-up. Once inside, it opens a backdoor, redirects search results to fake pages or malicious drive-by downloads, and displays fake ads that invite certain actions. It has also been found in unsolicited P2P torrents.

W32.Ramnit.A: This malware opens backdoor access to a machine and awaits further instructions from a remote server. It usually infects executable files and HTML files on the machine. If a removable drive is inserted, the virus copies itself to the drive's Recycle Bin folder and remains there unseen.

Worm.VB.HA: This worm spreads easily through popular P2P file-sharing applications and removable drives. Once inside, it downloads and runs arbitrary files that further infect the machine. It also writes itself into the Autorun files of removable drives and hides in their Recycle Bin folder.

Rogue.FakeCog.gy: Rather than a single malicious program, this is a series of fake programs that pose as antivirus solutions. They display fake antivirus alerts and trick victims into paying for rogue antivirus products. A number of these products also imitate legitimate software providers to con victims more convincingly.

W32.Xpaj.C: While protected Windows files are safe from this virus, many other executable files are not. Its complex polymorphic technique copies vulnerable files into a temporary directory and overwrites them with corrupted code; the original file is then deleted from the machine.
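The autorun.inf abuse described for W32.Autorun.Gen, and the Recycle Bin hiding spot used by W32.Ramnit.A and Worm.VB.HA, are things a responder can check for directly on a removable drive. The Python below is an added example and is not code from the report or from Quick Heal: it parses an autorun.inf, flags the directives that launch code (open=, shellexecute= and shell\<verb>\command=), and notes when the referenced payload has an executable extension or sits in a Recycle Bin folder. The two autorun.inf bodies at the bottom are constructed samples, not real detections.

```python
"""Triage an autorun.inf from removable media for the behaviours described in
the report: auto-execution via open=/shellexecute=/shell\\...\\command directives
and payloads parked in the drive's Recycle Bin folder.
Added example; the samples at the bottom are constructed, not real detections."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Directives that launch a program when the drive is inserted or opened.
EXEC_KEYS = {"open", "shellexecute"}
# shell\<verb>\command= replaces an Explorer context-menu verb (Open, Explore, ...).
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")
# Recycle Bin directory names that worms use as a hiding place on removable drives.
HIDDEN_DIR_RE = re.compile(r"(^|[\\/])(recycler|recycled|\$recycle\.bin)([\\/]|$)",
                           re.IGNORECASE)
# Extensions Windows will execute directly.
EXEC_EXT_RE = re.compile(r"\.(exe|scr|com|bat|cmd|pif|vbs)\b", re.IGNORECASE)


@dataclass
class AutorunFinding:
    key: str
    value: str
    reasons: List[str] = field(default_factory=list)


def parse_autorun(text: str) -> Dict[str, str]:
    """Minimal INI-style parser: returns {key: value} for the [autorun] section,
    skipping comments (;) and junk lines. Keys are lower-cased for matching."""
    entries: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text: str) -> List[AutorunFinding]:
    """Return every directive that would launch code, with the reasons it is suspicious."""
    findings: List[AutorunFinding] = []
    for key, value in parse_autorun(text).items():
        reasons: List[str] = []
        if key in EXEC_KEYS:
            reasons.append(f"'{key}=' runs a program automatically on insertion")
        elif SHELL_CMD_RE.match(key):
            reasons.append(f"'{key}=' hijacks an Explorer context-menu verb")
        else:
            continue  # icon=, label=, action= do not launch code by themselves
        if HIDDEN_DIR_RE.search(value):
            reasons.append("payload path points into a Recycle Bin folder")
        if EXEC_EXT_RE.search(value):
            reasons.append("payload has an executable extension")
        findings.append(AutorunFinding(key, value, reasons))
    return findings


def is_suspicious(text: str) -> bool:
    """True if any directive in the file would launch code."""
    return bool(triage_autorun(text))


# Constructed sample: a benign install disc (icon and label only).
BENIGN_AUTORUN = """[autorun]
icon=setup.exe,0
label=Product Install
"""

# Constructed sample in the style of a removable-drive worm: a junk comment line,
# auto-execution on insertion, and every Explorer verb pointed at a payload hidden
# under RECYCLER (the SID-like folder name is made up).
WORM_AUTORUN = """[autorun]
;junk line to throw off naive parsers
open=RECYCLER\\S-1-5-21-0000\\svchost.exe
shell\\open\\command=RECYCLER\\S-1-5-21-0000\\svchost.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-0000\\svchost.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_AUTORUN), ("worm", WORM_AUTORUN)):
        print(f"{name}: suspicious={is_suspicious(body)}")
        for f in triage_autorun(body):
            print(f"  {f.key}={f.value}")
            for reason in f.reasons:
                print(f"    - {reason}")
```

Treat the output as triage rather than a verdict: an open= directive on an optical install disc is legitimate, so the rule set should be tuned to the media type being examined. Reading the file with this parser, instead of letting Windows interpret it, is the point; the directives and the Recycle Bin path are only evidence until the referenced file has been collected and scanned.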

Top 10 Global Windows malware families

Position: Global Malware Family
1. W32.Keygen
2. W32.Autorun
3. HTML/IframeRef
4. W32/Dorkbot
5. ASX/Wimad
6. Win32/Obfuscator
7. Win32/FakeAV
8. Win32/Conficker
9. Win32/Hotbar

Source: Microsoft Security Intelligence Report 2012

The findings of the Windows Malware Report show the evolving nature of Windows-based malware. Malware numbers have grown substantially, and the techniques used to breach machines have shifted towards social and file-sharing channels. Cloud storage services have opened up new entry points into machines, and protecting against them is something we at Quick Heal Technologies are constantly working on. New features such as Browser Sandboxing and Machine Learning help our users against multi-pronged threats, though the most important weapon we have against all threats is awareness.
