The Latest in IT Security

Top 10 Malware Families of 2011


Today is the last day of the year and the right time to list out the top 10 Malwares of this year. Below list is based on our report which is generated from the automated feedback that we collect from Quick Heal installations across India.

Top 10 Malware Families of 2011

. W32.Autorun.Gen: Autorun worms spread from USB/thumb drives as well as fixed and mapped drives. Autorun worms typically drop or download additional malware, usually backdoors and password stealers.

.W32.Sality: Is PE-Infector that infects executable in the root folder, files on network shares, and removable drives.

.Trojan.Agent.gen: A malware family that uses HTTP to reach a remote server. Trojan Agents use packers to evade signature detection, install themselves using randomly-generated filenames, and add auto-run keys to the Windows registry. Trojan Agent downloads the Rogue Application and other components.

.W32.Virut: Is file infecting virus with IRC-based backdoor functionality. It can accept commands to download other malware on the compromised machine.

.Worm.VBNA: A worm is a malware designed to propagate and spread across networks. Worms are known to propagate using one or several of different transmission vectors such as email, IRC, network shares, instant messengers (IM), and peer-to-peer (P2P) networks. VBNA also displays a fake virus infection warning to trick users into purchasing fake anti-malware software. Scare tactics like this appear to be on the rise, preying upon uninformed users.

.Trojan.Starter: A malicious Trojan horse or bot that may represent security risk for the compromised system and/or its network environment.

.LNK.Exploit: Is a malicious shortcut files that exploits the vulnerability that is currently exploited by the malware family. When a user browses a folder that contains the malicious shortcut using an application that displays shortcut icons, the malware runs instead.

.Worm.SlenfBot.Gen: Another botnet that can spread via instant messaging programs such as include MSN Messenger, Yahoo Messenger and Skype. It may also spread via removable drives and also by exploiting the MS06-040 vulnerability. The worm also contains backdoor functionality that allows unauthorized access to an affected machine.

.FakeAV. Though strictly not a virus, it’s the scam of choice of most of modern malware so all infections have a fake antivirus scam as a visible payload. This enabled fake antivirus groups to become the con artists of the year helped by virus creators everywhere. One reason that FakeAV is that users have grown accustomed to receiving virus warnings in mail messages, generated by legitimate desktop, server, and gateway AV programs.

.TDSS/Alureon. It infects the MBR of victim machine and takes control at boot time. It has one of the most complex Bootkit components ever seen and apparently a very shrewd development team behind it. Malware components alter DNS settings, hijack search requests, display malicious ads, intercept confidential data, download arbitrary files, and corrupt disk drivers.

.W32.Ramnit: Is PE-Infector that infects executable and html files in the root folder, files on network shares, and removable drives. Virus opens a backdoor and waits for instructions.

Leave a reply


TUESDAY, MAY 24, 2022

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments