The persistent threat of PC malware: Top Windows malware families of 2012

2012 has seen various malware threats and international cyberespionage tools evolve to new heights. However, the PC still remains the most accessible device for invading homes and planting malware. The number and nature of malware received by the Quick Heal Research & Development Labs in 2012 highlighted this fact.

The findings of the Annual Windows Malware report show that Windows still remains the most targeted OS all around the world and major malwares are created primarily for this platform, thanks to the massive user base. There are several social engineering tricks that attackers use to inject malware into the machines of victims and 2012 has seen a 170% rise in malware modifications and variations.

Furthermore, there was a 90% rise in Windows malware in 2012 and Trojans were most popular as they comprised 68% of total samples. The primary cause for this can be attributed to the exploitation of plug-ins like Java and also the widespread nature of drive-by downloads and active polymorphic attack techniques. Pirated software also carries increased risks of malware and this is something that users should be extremely cautious about. You can also refer to our Android malware report 2012.

2012 was a busy year for Windows based malware and we received close to 38 million samples of malware in this period. This is a massive number that cannot be taken lightly. The month of November saw the most activity with close to 5 million samples coming in. February, on the other hand, saw close to 2 million samples as the lowest total.

Windows malware distribution

The most common form of malware were Trojans which accounted for 68% of the total number. The next most common family were backdoors which attempt to sneak in and take low-level control of infected machines with 13% of samples. Viruses, adware and worms were the other notable malware families of 2012.

The Top 10 malware families
Here is a list of the top 10 malware that were received during 2012.

Malware family distribution

 

Malware Family

Description

W32.Sality.U

This malware locates and deletes various executable files with specific extensions. It also disables security systems, steals cached passwords and logs keystrokes entered on the system. Once deployed, W32.Sality.U includes the machine in a P2P botnet and regularly receives additional malicious URLs. The original strain was discovered in 2006 but this latest 2012 version has evolved since then.

W32.Virut.G

This backdoor virus opens up a channel of communication between an infected machine and the attacker in the form of an IRC (Internet Relay Chat). It further infects executable files (.exe and .scr) and allows the installation of other viruses in the future. It also spreads through USB Autoruns, malicious HTML iframes and file sharing over networks.

Trojan.Starter.yy4

This variant of the Starter Trojan can either enter a system when it is dropped by another preemptive malware or when it is downloaded unknowingly. Its payloads originate in corrupted downloads, pornographic images, email spam and corrupted video files. Once deployed, it also spreads to the network of the infected machine.

W32.Autorun.Gen

Autorun worms are highly dangerous since they execute automatically when a USB drive or disc is inserted into a machine. This worm embeds itself in the autorun.inf file of a Windows based file and then steals cached passwords and installs a backdoor in a machine. Further malware can then be deployed through the backdoor thus opened.

TDSS/Alureon

Known by many names, Alureon takes low-level control of the machine during boot-up. Once inside a machine it opens a back door, redirects search results to fake pages or malicious drive-by downloads and displays fake ads that invite certain actions. It has also been found in unsolicited P2P torrents.

W32.Ramnit.A

This malware opens up backdoor access to a machine and awaits further instructions from a remote server. It usually infects executable files and HTML files in a machine. If a removable drive is inserted into the machine the virus spreads to the Recycle Bin of the drive and remains there unseen.

Worm.VB.HA

This worm easily spreads through popular P2P file sharing applications and removable drives. Once inside, it downloads and runs arbitrary files that further infect a machine. It also enters the Autorun files of removable drives and hides itself in the Recycle Bin.

Rogue.FakeCog.gy

Rather than one single malicious program, this is a series of fake programs that pretend to be antivirus solutions. They display fake antivirus alerts and trick victims into paying money to purchase rogue antivirus solutions. A number of these solutions also resemble legitimate software providers to successfully con victims.

W32.Xpaj.C

While protected Windows files are safe from this virus, several other executable files are not. The complex polymorphic technique involved allows the virus to copy vulnerable files into a temporary directory and overwrite it with corrupted code. After this the original file is deleted from the machine.

 
Top 10 Global Windows malware families

Position

Global Malware Family

1

W32.Keygen

2

W32.Autorun

3

HTML/IframeRef

4

W32/Dorkbot

5

ASX/Wimad

6

Win32/Obfuscator

7

Win32/FakeAV

8

Win32/Conficker

9

Win32/Hotbar

 Source: Microsoft Security Intelligence Report 2012

The findings of the Windows Malware Report shows the evolving nature of Windows based malware. There has been substantial growth in malware numbers and the breaching techniques used have also morphed their social and sharing nature. Cloud storage services have opened up doors into machine through multiple portals and this is something that we at Quick Heal Technologies are constantly striving to build protecting against. New features like Browser Sandboxing and Machine Learning aid our users against multi-pronged threats, though the most important weapon we possess against all threats is the power of awareness.

Rahul Thadani

Rahul Thadani


23 Comments

Your email address will not be published.

CAPTCHA Image

  1. Avatar Pradip ChowdhuryJanuary 10, 2013 at 12:00 PM

    You can add an irritating virus ‘funmoods’ which comes with some downloads. It attacks Google Chrome but is ineffective against IE 10. The only way to get rid of it is to uninstall Google Chrome.

    Reply
  2. Avatar Gaurav SuryawanshiJanuary 10, 2013 at 5:50 PM

    thanks

    Reply
  3. it makes pc slow.

    Reply
    • Rahul Thadani Rahul ThadaniJanuary 16, 2013 at 10:38 AM

      Hi Ashish,
      We suggest that you clean up your PC with the help of PCTuner to speed up performance. Alternately, maybe your configuration needs an update to make the machine run faster. Please contact our support center on 927-22-33-000 to discuss these issues.
      Regards.

      Reply
  4. Facing Below problem:
    dmwu.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
    Please Let us know how can i remove using quickheal.

    Reply
  5. my computar running very slowy

    Reply
  6. dear sir my system is efected by trojon virus, i am also rugisturd q/h TOTAL Security than after my all data of pen drive is do not show but all data is abalable my pen drive please sugese me sir

    thanks

    Reply
  7. Avatar govind purohitJanuary 10, 2013 at 7:09 PM

    i also found many times the virus Indian Movies and Indian Songs which was easily deleted by QHTS thanks to quick heal

    Reply
  8. thanks i got this news

    Reply
  9. Avatar Pankaj GajareJanuary 10, 2013 at 10:39 PM

    There is problem with Quick Heal I’m facing files are get deleted and sometimes viruses were not able to find out, but for the same pendrives using other antivirus found and deleted. Please do something to make it better than others.

    Reply
  10. How can I perform antimalware scan ? after scanning what will I should do ? I mean if I clear the marwares, will my pc face any kind of problem, cause its saying to ” Set system restore point before cleaning” . Please help me.

    Reply
  11. I DON’T FELL ANY STRONG STEP Should I TAKE BECAUSE I’M WITH QHTS

    Reply
  12. Very great reports. That is what everyone need and interest to know that.
    Keep on your great job!
    Thanks

    Reply
  13. very nice. i am glad to know it as w32.autorun was also sometimes found in this computer but now cleared by quick heal so kindly see again if it is present in my computer during updating. Thank you.

    Reply
  14. Avatar Akash RathoreJanuary 12, 2013 at 6:03 PM

    i also found many times the virus software & windows file which was easily deleted by QHTS thanks to quick heal& this year QHTS is best antivirus in the world forever!!!

    Reply
  15. Avatar Akash RathoreJanuary 12, 2013 at 6:07 PM

    Furthermore, there was a 90% rise in Windows malware in 2013 and Trojans were most popular as they comprised 68% of total samples. The primary cause for this can be attributed to the exploitation of plug-ins like Java and also the widespread nature of drive-by downloads and active polymorphic attack techniques. Pirated software also carries increased risks of malware and this is something that users should be extremely cautious about. You can also refer to our Android malware report 2012.

    Reply
  16. Avatar Akash RathoreJanuary 12, 2013 at 6:08 PM

    The month of january saw the most activity with close to 5 million samples coming in. February, on the other hand, saw close to 2 million samples as the lowest total.

    Reply
  17. Avatar rajnish kumarJanuary 15, 2013 at 7:12 PM

    thanks

    Reply