The Spread of Malware

by **Admin** Thu Sep 02, 2010 7:31 am

Anyone
who owns a computer has probably heard what a virus is. Most with
personal computers may even have their own units infected with one type
of virus at one point or another. If you haven’t, it’s time you learn
about it because this can destroy your data. Viruses are programs
created to become a nuisance. The term encompasses all sorts of
malicious software there is in the market. While some are totally
destructive, most are annoying and can cause minor errors in the
computer system.

Currently,
the human population in this planet is now 6.9 billion. About one
billion of its inhabitants, or 16.7 percent, owns or use a computer.
Analysts project that by the end of this year it will double. With
these figures in mind, let’s find out how many computers do viruses
infect and what are the most prevalent or common viruses. As of June
2009, there are about 1.9 million computers which are infected with some
type of adware or malware. This estimate is quite conservative
considering the number of unreported cases in many parts of the world.

Position	Name	Number of infected computers
1	Net-Worm.Win32.Kido.ih	58,200
2	Virus.Win32.Sality.aa	28,758
3	Trojan-Dropper.Win32.Flystud.ko	13,064
4	Trojan-Downloader.Win32.VB.eql	12,395
5	Worm.Win32.AutoRun.dui	8,934
6	Trojan.Win32.Autoit.ci	8,662
7	Virus.Win32.Virut.ce	6,197
8	Worm.Win32.Mabezat.b	5,967
9	Net-Worm.Win32.Kido.jq	5,934
10	Virus.Win32.Sality.z	5,750
11	Trojan-Downloader.JS.LuckySploit.q	4,624
12	Virus.Win32.Alman.b	4,394
13	Packed.Win32.Black.a	4,317
14	14 Net-Worm.Win32.Kido.ix	4,284
15	Worm.Win32.AutoIt.i	4,189
16	Trojan-Downloader.WMA.GetCodec.u	4,064
17	Packed.Win32.Klone.bj	3,882
18	Email-Worm.Win32.Brontok.q	3,794
19	Worm.Win32.AutoRun.rxx	3,677
20	not-a-virus:AdWare.Win32.Shopper.v	3,430

Spreading Malware

Malware
is short for malicious software. Why malicious? Because it
infiltrates a computer system. What is the goal of malware? The general
goal of a malware is to harvest DATA. It can be user login, passwords,
credit card information, bank accounts or transactions or databases that
are stored on your PC or web.

A
few years ago, e-mail spam with promotional or news-related items were
the most popular ways of introducing a malware. However, individuals
and companies have strengthen their e-mail security, which made it
e-mailing become less popular among hackers. Also, spam mails are not
read anymore. They automatically go to the trash folder.

Security
experts believe that malware developers have changed their ways or
strategies in delivering their attacks. This time, they are spreading
them through websites, using search links with bogus websites or click
on icons of popular product advertisements like AV (anti-virus
software), and also using events like the death of a popular artist or a
popular movie that users would likely to download.

Below is the June 2009 stats for websites infected with malwares (source: http://www.kaspersky.com/news?id=207575855):

Position	Name	Number of infected websites
1	Trojan-Downloader.JS.Gumblar.a	27103
2	Trojan-Downloader.JS.Iframe.ayt	14563
3	Trojan-Downloader.JS.LuckySploit.q	6975
4	Trojan-Clicker.HTML.IFrame.kr	5535
5	Trojan-Downloader.HTML.IFrame.sz	4521
6	Trojan-Downloader.JS.Major.c	4326
7	Trojan-Downloader.Win32.Agent.cdam	3939
8	Trojan-Clicker.HTML.IFrame.mq	3922
9	Trojan.JS.Agent.aat	3318
10	Trojan.Win32.RaMag.a	3302
11	Trojan-Clicker.SWF.Small.b	2894
12	Packed.JS.Agent.ab	2648
13	Trojan-Downloader.JS.Agent.czm	2501
14	Exploit.JS.Pdfka.gu	2441
15	Trojan-Clicker.JS.Agent.fp	2332
16	Trojan-Dropper.Win32.Agent.aiuf	2002
17	Exploit.JS.Pdfka.lr	1995
18	not-a-virus:AdWare.Win32.Shopper.l	1945
19	not-a-virus:AdWare.Win32.Shopper.v	1870
20	Exploit.SWF.Agent.az	1747

From
the table, it can be seen that thousands of websites have or are being
infected by one form of malware or another. This is an indication that
their delivery has gone to harboring or posting websites to delivering
the malicious software.

How do hackers spread malware from websites?

1. Using search engines and posing as legitimate products.
All of us go to search engines to find out about something. Malware
users and developer are now using tools that legitimate web
administrators use in order to promote and get a good ranking for their
websites in search engines like Google, Yahoo, MSN and AOL.

SEO
(Search engine Optimization) – A technique used by website
administrators to improve the volume of traffic for their websites has
also been used by malware propagators in the form of Spamdexing, link farmsand keyword stuffing.

Paid
Web Advertising – Criminals also pay to advertise their bogus websites
that are packed with malwares. The advertisement could be a form of
product to download or help the poor program.

2. Getting in to social networking websites and other popular websites.

One
of the hottest trends in the Internet is the social networking websites
like Facebook, Friendster, and Multiply. Facebook.com alone garnered
1,191,373,339 monthly visits this year. Plus, it is believed that most
of the users are not security conscious. Very tempting for malware
propagators to exploit. Their methods of attack:

- Post as a social networking website user and post malwares in the form of products or downloads.

-
Post as a Facebook user who is known by a group and send message to
see a Youtube link, which has been engineered to make users think that
they need to update their flash application to view it. By the time the
user clicks the update button, malware kicks-in and install a botnet,
which not only infects the account but the entire server as well.

-
Exploiting vulnerabilities of a CMS (Content Management System)
website and others and then inserting malicious iframes. Inserting
iframes is like loading one web page inside another. To conceal its
presence, it is often a very small piece of code that is not visible
from the browser. What most iframes do is redirect unwary users to
malware sites.