Hey, Conficker, Where Have you Gone?

When one e-threat goes down, ten others take its place.

We are one month into 2011 and the e-threat landscape already shows signs of major changes, with old foes taking a leave of absence and new ones crawling their way to the top.

The good news: an update a day keeps malware away

Both software developers and security providers constantly strive to patch vulnerabilities and reinforce their applications to combat malicious techniques that might pose a danger to users’ PCs.

A quick look at the international malware top for January reveals that one of the most important pieces of malware – the Downadup worm (also known as Conficker and Kido) – has moved from first place to third. Since Conficker is one of the worms particularly targeting Windows® XP®, the dramatic decrease can only mean that computer users have understood the importance of keeping the system up to date, either by migrating from Windows XP to Windows 7® or by applying the hotfix issued by Microsoft®. Even though the worm continues to show up in the top three places (with a significant 5.78 percent of the total amount of malware worldwide), it has almost gone extinct in countries like Great Britain, for instance, where Win32.Worm.Downadup doesn’t even make it into the top 10 e-threats anymore. That is a good sign because, as you can see, this e-threat means trouble.

The bad news: high piracy rate makes room for other malware

Here comes the downside: software piracy. A newcomer has sprung up in the malware landscape of early 2011, namely Trojan.Crack.I. This application is a keygen, a binary file designed to defeat the commercial protection of shareware software products by generating false registration keys. Its emergence in second place is an indicator that the worldwide software landscape is affected by piracy and the subsequent threats posed by this practice. Germany, Great Britain, Spain and Romania appear to fight this battle, as this e-threat made its debut in their local malware charts as well.

This apparently harmless keygen installs a Trojan that is meant to collect various details about other applications that run on the compromised computer (name, version, registration keys, etc.), as well as to install a backdoor service that allows remote access to the infected system.

However, software piracy can bring users more harm than the possibility of having their software keys stolen and sold on websites that allegedly sell “OEM” software at a discount. Most illegally registered applications (such as operating systems and antivirus solutions) will deny access to updates, and this will definitely spell trouble when the bad guys start their hunt for zero-day exploits.

BitDefender Top 10 E-Threats in January 2011:

1. Trojan.AutorunINF.Gen – 7.40%

2. Trojan.Crack.I – 5.82%

3. Win32.Worm.Downadup.Gen – 5.78%

4. Gen:Variant.Adware.Hotbar.2 – 4.26%

5. Java.Trojan.Downloader.OpenConnection.AI – 3.56%

6. Win32.Sality.OG – 2.24%

7. Gen:Variant.Adware.Hotbar.1 – 2.23%

8. Exploit.CplLnk.Gen – 2.19%

9. Win32.Sality.3 – 2.00%

10. Win32.Worm.DownadupJob.A – 1.92%

About the author

Loredana BOTEZATU

A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.