Symantec Global Internet Security Threat Report
Steals online gaming account information
Displays false antivirus alerts and lowers security settings
Allows remote access, logs keystrokes, and steals passwords
Steals online gaming account information
Generates traffic to websites and banner ads
Steals online gaming account information
Steals online banking account information
Steals online banking account information
Steals online gaming account information
Disables security applications

Table 13. Top downloaded
Source: Symantec
The second most downloaded component observed by Symantec in 2009 was the FakeAV [153] Trojan. This Trojan displays false antivirus alerts and lowers security settings on compromised computers. The fake security alert attempts to trick users into visiting a website in order to download a fake antivirus application or spyware removal application. These types of rogue security software applications and components flourished in 2009. It is common for these applications to attempt to scare users into purchasing the software in order to resolve fake or overblown issues. [154] If malicious software authors cannot directly coerce users to install the misleading applications, installing them as a component to a staged downloader is an attractive alternative.
Graybird [155] was the third most frequently downloaded component in 2009. This back door gives an attacker full remote access to a compromised computer. It also captures cached passwords, logs keystrokes, and then sends all of this information to the remote attacker. Graybird also allows the attacker to download and install additional threats on the computer.
Many of the top downloaded components in 2009 were similarly ranked in 2008, indicating that these families continue to be prevalent and effective threats. In 2008, six of the 10 most downloaded components involved password stealing, keystroke logging, or advertisement promotion. In 2009, this has increased to nine of the top 10 most downloaded components, strongly indicating that profit continues to be the driving motivation for malicious code authors.
Exemplifying this trend in 2009 was the Banker.C [156] Trojan. It was used in two notable attacks on a bank in 2009. [157] Bank employee computers were compromised with the Trojan, allowing attackers to gain access to bank account credentials. One company lost $179,000 in a transfer to a Russian bank account, and another company lost $81,000 to an unspecified offshore location.
[153] http://www.symantec.com/security_response/writeup.jsp?docid=2007-101013-3606-99
[154] http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_Wp_20100385.en-us.pdf
[155] http://www.symantec.com/security_response/writeup.jsp?docid=2003-040217-2506-99
[156] http://www.symantec.com/security_response/writeup.jsp?docid=2007-040208-5335-99
[157] http://www.krebsonsecurity.com/2010/02/a-tale-of-two-victims/