Posts Tagged ‘malware’
by FireHost Evangelist on September 9th, 2009
We often hear Malware being referred to as a broad categorization for all bad things on the internet. In reality however, there are many different types of attacks that make up this threat category.
Data collected on the geographical distribution of malware “Phone Home” locations in the first half of 2009 shows that the USA hosts 35% of malware worldwide, followed by China (14%) and Brazil (8%). Additionally, cyber criminals use TCP port 80 most often for downloading and HTTP to transfer and send infections so they can avoid suspicion as these are both very common protocols.
Trojan malware rose the most in popularity in samples collected between January – June this year, and the penetration of viruses increased slightly. PUPs, Backdoors, and Worms declined just a little. Here’s how each category contributed to malware as a whole.
- Trojan – Trojans represent 55% of all Malware on the internet. Here’s how they work: Trojans perform a variety of malicious functions such as spying, stealing information, logging key strokes and downloading additional Malware.
- Backdoor (21%): Backdoors provide functionality for a remote attacker to log on and/or execute arbitrary commands on the affected system.
- Pup, a Potentially Unwanted Program (8%): PUPs are programs which the user may consent on being installed but may affect the security posture of the system or may be used for malicious purposes. Examples are Adware, Dialers and Hacktools/“hacker tools” (which includes sniffers, port scanners, malware constructor kits, etc.)
- Worm (6%): Worms self-propagate via e-mail, network shares, removable drives, file sharing or instant messaging applications.
- Virus (4%): Viruses propagate by infecting host files
(more…)
Tags: fraudtool, infostealers, malware, Secure Web Hosting, trojan
Posted in: Web Hosting | No Comments »
by FireHost Evangelist on August 25th, 2009
In a press release last week, Symantec revealed the top 100 dirtiest websites, but less than half of them (48%) were dirty in the way you’re thinking. The majority of the list’s subject matter features less scandalous content like catering, figure skating, legal services, and buying electronics.
Websites that made the list represent the “worst of the worst” based on the number of threats detected by Norton Safe Web. Without downloading or clicking on anything in particular, you risk exposing your computer to infection and revealing your personal and financial information into the hands of cyber criminals. Simply visiting one of these websites could infect your computer, so we don’t recommend you actually visit any of the websites that made the list.
So what makes these websites so dirty? Malware, security risks like phishing, and browser exploits top the list. In fact, the average number of threats found on the top dirtiest sites is… (ready for this?) 18,000, and 40 of the top 100 dirtiest websites have more than 20,000 unique threats each lurking in the shadows waiting to exploit unknowing visitors.
(more…)
Tags: dirtiest websites, Hackers, malware, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on June 16th, 2009
In less than one hour last Thursday, Internet security journalist Elinor Mills mastered the tools of the hacker trade at McAfee’s Malware Experience event.
It takes “as little as $300 to infect several Windows clients and take complete control of them in a test environment,” Mills reports. By using real samples of malicious code, she was able to infect PCs with a Sub Seven Trojan and gain remote access to the machines. Once inside the computers, she was exposed to some of the malicious tricks hackers can play on unsuspecting malware victims.
(more…)
Tags: Hackers, malware, Secure Web Hosting, Sub Seven Trojan
Posted in: Security | No Comments »
by FireHost Evangelist on June 12th, 2009
Recently Trustwave, a payment card industry security and compliance firm, discovered malware installed on ATMs in Russia and Ukraine.
According to the article on eWeek.com, malware on each of the infected machines (running Windows XP) was installed and activated through a Borland Delhi RAD (Rapd Application Development) executable dropper file by the name of isadmin.exe. The dropper binary contains a Data Resource (RCDATA) named PACKAGEINFO that contains the actual malware. The dropper file is executed when the hacker inserts a fake ATM card with the malware trigger code into the machine. Once activated, the trigger code produces the malware file Isass.exe inside the C:\\WINDOWS directory of the compromised system.
The eWeek.com article reports that this particular ATM hacker vulnerability can be easily modified to target multiple ATM vendors and is making it’s way to other countries, including the US.
Tags: malware, Secure Web Hosting, trustwave
Posted in: Security | No Comments »
