In first position for the second time this year - but in a much shorter lead than last month - is Norton-bypassing ad-serving malware, Trojan.Clicker.CM that uses several functions that bypass the Norton Internet Security Pop-up Blocker. Clicker.CM displays a large number of commercial pop-up windows in the current Web browser’s background attempting to lure the user to click.
Ranked 2nd, we find an older "daisy chain" - Trojan.Wimad.Gen.1 or the Wimad trojan, which masquerades as a player component for malicious ASF files. This trojan is loaded via a downloader trojan ranked last in the Top Ten E-Threats list.
The Conficker virus and its brethren are also present in this month’s Top Ten via a generic detection against viruses that use the recent autorun bug in Windows - Trojan.AutorunINF.Gen with 4.17 percent of detections.
Ranked 8th is Trojan.IFrame.GA, a simple script which gets injected in compromised webpages and sends browsers to a collection of exploits such as Trojan.Exploit.ANPI (ranked 7th), which can direct vulnerable systems to a page containing Trojan.Exploit.SSX (in 5th position).
These are drive-by-download components are bits of malware strung together like a “daisy chain” by malware creators. Each "atom" represents another attempt by cybercriminals to compromise the security of a user’s system.
“This ‘daisy chain’ as we called it, designates a number of compromised and/or malicious websites hosted in China”, said Sorin Dudea, Head of BitDefender Antimalware Research. “However, these exploits and downloaders may appear in similar attacks as well.”
Three more downloaders, not previously found in the Top Ten lists, hold ranks this month Trojan.Downloader.JS.Psyme.SR, Trojan.Downloader.JLPK and Trojan.Downloader.Js.Agent.F, all serving the function of downloading and launching more malware onto affected computers from websites.
In lipsa unui acord scris din partea InternetCorp, puteti prelua maxim 500 de caractere din acest articol daca precizati sursa si daca inserati vizibil linkul articolului Drive-by-download components dominate February's list of top ten e-threats.