Bitdefender
Resource Center

March 2009

Drive-by Exploit Codes Dominate BitDefender's Top Ten E-Threats in February

Trojan.Clicker.CM wreaks havoc on the web for the second time this year

Drive-by-download components dominate February's list of Top Ten E-Threats, according to BitDefender®. These drive-by-download components are atomic bits of malware strung together like a "daisy-chain" by malware creators. Each "atom" represents another attempt by cybercriminals to compromise the security of a user's system.

In first position for the second time this year - but with a much shorter lead than last month - is Norton-bypassing ad-serving malware, Trojan.Clicker.CM. Clicker.CM displays a large number of commercial pop-up windows in the background of the current Web browser, attempting to lure the user to click. If clicked, profits are generated for advertisements registered within a pay-per-click system. The trojan also uses several functions that bypass the Norton® Internet Security Pop-up Blocker.

Ranked 2nd, we find an older "daisy chain" - Trojan.Wimad.Gen.1 or the Wimad trojan, which masquerades as a player component for malicious ASF files. This trojan is loaded via a downloader trojan ranked last in the Top Ten E-Threats list.

The Conficker virus and its brethren are also present in this month's Top Ten via a generic detection against viruses that use the recent autorun bug in Windows - Trojan.AutorunINF.Gen with 4.17 percent of detections.

Ranked 8th is Trojan.IFrame.GA, a simple script which gets injected into compromised webpages and sends browsers to a collection of exploits such as Trojan.Exploit.ANPI (ranked 7th), which can direct vulnerable systems to a page containing Trojan.Exploit.SSX (in 5th position).

"This particular infection chain was taken directly from the analysis of a number of compromised and/or malicious websites hosted in China," explained Sorin Dudea, Head of BitDefender Antimalware Research. "However, these exploits and downloaders may appear in similar attacks as well."

Three more downloaders, not previously found in the Top Ten lists, hold ranks this month (Trojan.Downloader.JS.Psyme.SR, Trojan.Downloader.JLPK and Trojan.Downloader.Js.Agent.F), all serving the simple function of downloading and launching more malware onto affected computers from websites.

BitDefender's February 2009 Top 10 E-Threat list includes:

| Pos. | Name | % |
|------|------|---|
| 1. | Trojan.Clicker.CM | 5.87 |
| 2. | Trojan.Wimad.Gen.1 | 4.39 |
| 3. | Trojan.AutorunINF.Gen | 4.17 |
| 4. | Trojan.Downloader.JLPK | 3.94 |
| 5. | Trojan.Exploit.SSX | 3.92 |
| 6. | Trojan.Downloader.Js.Agent.F | 3.9 |
| 7. | Trojan.Exploit.ANPI | 3.77 |
| 8. | Trojan.IFrame.GA | 2.9 |
| 9. | Trojan.Downloader.JS.Psyme.SR | 2.32 |
| 10. | Trojan.Downloader.WMA.Wimad.S | 2.01 |
| | Other malware | 62.81 |


To listen to BitDefender's February list of Top Ten E-Threats, please visit BitDefender's podcast page.

To keep up to date with virus updates and company news, sign up for BitDefender's RSS feeds.



* * *

About Bitdefender®
Bitdefender is the creator of one of the world's fastest and most effective lines of internationally certified internet security software. Since 2001, the company has been an industry pioneer, introducing and developing award-winning protection. Today, Bitdefender technology secures the digital experience of around 400 million home and corporate users across the globe.

Recently, the company has won a range of key independent recommendations in the US, UK and across Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. Bitdefender antivirus technology has also finished top in leading industry tests from both AV Test and AV-Comparatives. More information about Bitdefender's antivirus products is available from the company's security solutions press room. Additionally, Bitdefender publishes Malware City providing the latest updates on security threats and helping users stay informed in the everyday battle against malware.

