

Discovered on March 21, 2004, this worm is still a present threat in e-mail traffic today.

First seen in October 2001, PARITE infects host files and drops executable malware. This image shows how PARITE has infected its host file. PARITE is still prolific on the threat landscape today.

Discovered in mid-2006, VIRUT is a polymorphic file infector that downloads and runs other malicious programs. It infects every executable file it can find in order to propagate. Occasionally this means that it infects other pieces of malware, as shown here: an infected copy of MYTOP.

This type of spam is common, promoting degrees from "degree farms" or "prestigious non-accredited universities." The spam often includes phone numbers instead of URLs. These phone numbers are usually just voice-mail boxes, where a long greeting explains the offer and interested people are then invited to leave their details.

Although called Russian, these e-mails are not actually in Russian; they are professional-looking newsletter-type spam sent by Russian spam gangs. This spam run used blunt, direct subject lines to prey on recipients' personal insecurities.

Phishing continues to be a serious problem, with many users finding it difficult to distinguish phishes from legitimate e-mails. There are several common "angles" of phishing attacks. Some, like this example, require the recipient to confirm their details, often under the guise of enhancing security.

Other phishing attacks focus on a looming deadline, implying that the recipient's credit card or bank account access will be restricted unless they act quickly and provide personal information.

CUTWAIL, also known as PUSHDO and PANDEX, is one of the world's largest botnets, controlling more than one million active bots.

Some Trojans specialize in information gathering. PWSLINEAGE is a password stealer (PWS) targeting the popular Asian Massively Multiplayer Online Role-Playing Game (MMORPG) in which accounts can be worth real money. Other similar games have been targeted. This class of malware is over a year old.

CIMUZ is an information-stealing Trojan that hooks itself into some Internet browsers. By capturing information entered or saved by the user, including passwords, keystrokes and other confidential information, it transmits the harvested data to its controller. It also terminates security software and unlocks firewalls, leaving the computer vulnerable to further attacks.

TODYNHO is an information-stealing Trojan which originated in Brazil. It steals a victim's bank account details. The name TODYNHO was taken from the name of the e-mail attachment.

HUIGEZI is a targeted Trojan dropped via a .PDF exploit. It spies on audio and video communications via Web, e-mail, IM and other avenues. It is most commonly used for industrial espionage.

TT.PDF is a PDF attached to an e-mail which doesn't contain any real content. If opened, a message is displayed stating that the document is damaged and is being repaired. The document viewer may then crash as malicious code is written to disk and then executed. The first thing it then does is display another .PDF with the expected content in order to cover its tracks.

Targeted Trojan

TT.DOC is a document used to conceal a targeted Trojan. This one arrived in an e-mail claiming to contain a report about security issues for the Beijing Olympics and was sent to a small number of businesses and sporting bodies involved with the Olympic Games.

A class of targeted Trojans which are endlessly variable in order to defeat signature-based detection and carefully encoded to avoid behavioral techniques. Although it has been around for a number of years, new versions continually evade conventional antivirus systems due to the variation in code.

ROGUEWARE SPYSHERIFF, Fake Anti-Spyware Program

Masquerading as an anti-spyware program, this software deliberately slows down the computer it is running on and displays intrusive pop-up advertising. The program also frequently pesters victims to pay to upgrade to a full or premium version.

Keyloggers are a particularly dangerous type of security threat. They save every keystroke on the computer to a file for later use. GHOST is even more advanced: it also saves screenshots and the addresses of Web sites visited. This extra information can be used to easily identify which sites the captured passwords belong to and then carry out fraudulent activity using the accounts.

One of the most common social engineering tricks over the last couple of years, this e-mail pretends to be an e-postcard sent by a friend or family member. Clicking on the link redirects the victim a few times before downloading a piece of malware onto the victim's computer.

MYDOOM, E-mail Worm

Discovered on January 26, 2004, MYDOOM reached a peak infection rate of 1 in every 12 e-mails, becoming the largest mass-mailer outbreak after SOBIG.F in September 2003. Although MYDOOM.A was not the first worm to demonstrate how effectively virus and spamming techniques could be combined, it was perhaps the most successful and signaled their widespread adoption.
Image: MessageLabs, now part of Symantec.