Symantec Global Internet Security Threat Report

| Rank | Sample | Type | Impact |
|---|---|---|---|
| 1 | Brisv | Trojan | Infects media files and downloads files from remote addresses |
| 2 | Sality.AE | Virus, worm | Downloads files from remote addresses |
| 3 | Wimad | Trojan | Uses Microsoft Windows Media Digital Rights Manager to trick user into downloading files |
| 4 | Vundo | Trojan | Redirects browser to malicious Web page |
| 5 | SillyFDC | Worm | Downloads files from remote addresses |
| 6 | Downadup.B | Worm, back door | Downloads files from remote addresses |
| 7 | Imaut | Worm | Downloads files from remote addresses |
| 8 | Spybot | Worm, back door | Downloads files from remote addresses |
| 9 | Zlob | Trojan | Downloads files from remote addresses |
| 10 | Imaut.AA | Worm | Downloads files from remote addresses |

Table 12. Top staged downloaders
Source: Symantec.

The second most prevalent downloader component observed by Symantec in 2009 was the Sality.AE virus. Once it is installed on a computer, Sality.AE attempts to contact certain IP addresses to download and install its secondary components. One of the files it attempts to install is an adware program that will periodically display pop-up advertisements. If clicked, these ads will generate income for the malicious code author (and possibly the adware developer, if they happen to be separate people).

The Wimad Trojan[147] was the third most common staged downloader component in 2008. This Trojan arrives on computers as a license-protected multimedia file. When the file is opened, Wimad exploits the intended functionality of digital rights management (DRM) technology in order to open a window and access an attacker-controlled URL. When an attacker’s Web page is processed, a deceptive message is displayed that asks the user to click a button. If clicked, the Trojan will download other threats, including adware and spyware.

Downloaded components

The most prevalent downloaded component in 2009 was the Gampass[148] Trojan (table 13). Gampass uses keystroke-logging functionality to steal authentication credentials for online gaming accounts. Popular targets include Lineage,[149] Rexue, Jianghu, and Rohan, which are all popular games in the APJ region. Gampass is commonly downloaded by worms such as Mummawow,[150] Wowinzi,[151] and Fubalca.[152]

147 http://www.symantec.com/security_response/writeup.jsp?docid=2005-011213-2709-99
148 http://www.symantec.com/security_response/writeup.jsp?docid=2006-111201-3853-99
149 http://www.symantec.com/security_response/writeup.jsp?docid=2005-011211-3355-99
150 http://www.symantec.com/security_response/writeup.jsp?docid=2007-032015-4300-99
151 http://www.symantec.com/security_response/writeup.jsp?docid=2008-050714-5642-99
152 http://www.symantec.com/security_response/writeup.jsp?docid=2007-062214-3636-99
