The persistent threat of PC malware: Top Windows malware families of 2012

2012 has seen various malware threats and international cyberespionage tools evolve to new heights. However, the PC still remains the most accessible device for invading homes and planting malware. The number and nature of malware received by the Quick Heal Research & Development Labs in 2012 highlighted this fact.

The findings of the Annual Windows Malware report show that Windows still remains the most targeted OS all around the world, and most major malware is created primarily for this platform, thanks to its massive user base. Attackers use several social engineering tricks to get malware onto victims' machines, and 2012 saw a 170% rise in malware modifications and variations.

Furthermore, there was a 90% rise in Windows malware in 2012, and Trojans were the most common category, comprising 68% of total samples. The primary causes were the exploitation of plug-ins like Java, the widespread nature of drive-by downloads, and active polymorphic attack techniques. Pirated software also carries an increased risk of malware, and this is something users should be extremely cautious about. You can also refer to our Android malware report 2012.

2012 was a busy year for Windows-based malware, and we received close to 38 million malware samples in this period. This is a massive number that cannot be taken lightly. November saw the most activity, with close to 5 million samples coming in; February, with close to 2 million samples, had the lowest total.

Windows malware distribution

The most common form of malware was the Trojan, which accounted for 68% of the total. The next most common family, at 13% of samples, was backdoors, which attempt to sneak in and take low-level control of infected machines. Viruses, adware and worms were the other notable malware families of 2012.

The Top 10 malware families
Here is a list of the top 10 malware families that were received during 2012.

Malware family distribution

Malware family and description:

W32.Sality.U

This malware locates and deletes various executable files with specific extensions. It also disables security systems, steals cached passwords and logs keystrokes entered on the system. Once deployed, W32.Sality.U includes the machine in a P2P botnet and regularly receives additional malicious URLs. The original strain was discovered in 2006 but this latest 2012 version has evolved since then.

W32.Virut.G

This backdoor virus opens up a channel of communication between an infected machine and the attacker over IRC (Internet Relay Chat). It further infects executable files (.exe and .scr) and allows the installation of other viruses in the future. It also spreads through USB Autoruns, malicious HTML iframes and file sharing over networks.

Trojan.Starter.yy4

This variant of the Starter Trojan can enter a system either when it is dropped by other malware that arrived first or when it is downloaded unknowingly. Its payloads originate in corrupted downloads, pornographic images, email spam and corrupted video files. Once deployed, it also spreads across the infected machine's network.

W32.Autorun.Gen

Autorun worms are highly dangerous because they execute automatically when a USB drive or disc is inserted into a machine. This worm embeds itself in the autorun.inf file on the drive and then steals cached passwords and installs a backdoor on the machine. Further malware can then be deployed through the backdoor thus opened.

TDSS/Alureon

Known by many names, Alureon takes low-level control of the machine during boot-up. Once inside a machine it opens a back door, redirects search results to fake pages or malicious drive-by downloads and displays fake ads that invite certain actions. It has also been found in unsolicited P2P torrents.

W32.Ramnit.A

This malware opens up backdoor access to a machine and awaits further instructions from a remote server. It usually infects executable files and HTML files on a machine. If a removable drive is inserted into the machine, the virus spreads to the Recycle Bin of the drive and remains there unseen.

Worm.VB.HA

This worm easily spreads through popular P2P file sharing applications and removable drives. Once inside, it downloads and runs arbitrary files that further infect a machine. It also enters the Autorun files of removable drives and hides itself in the Recycle Bin.
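The autorun.inf and Recycle Bin tricks described for W32.Autorun.Gen, W32.Ramnit.A and Worm.VB.HA can be checked for on a removable drive before its contents are trusted. The Python script below is an added example written for this article, not Quick Heal code or a Quick Heal product feature: it parses the [autorun] section of autorun.inf for directives that launch a program (open=, shellexecute=, shell\<verb>\command=) and lists executables hidden under the drive's recycle folder ($RECYCLE.BIN, RECYCLER or RECYCLED). The mock drive layout it builds in a temporary directory, including the placeholder svchost.exe and the directive values, is constructed for the demo and contains no real program.

```python
"""Flag autorun launch directives and executables hidden in the recycle
folder of a removable drive (added example, not Quick Heal code)."""
import tempfile
from pathlib import Path, PureWindowsPath

# [autorun] keys that make Windows run a program when the drive is inserted
# or opened; shell\<verb>\command= is matched separately by pattern.
LAUNCH_KEYS = {"open", "shellexecute"}
# Extensions treated as executable content for this check (constructed list).
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
# Folder names Windows has used for the per-drive recycle bin across versions.
RECYCLE_DIR_NAMES = {"$recycle.bin", "recycler", "recycled"}


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section that launch a program."""
    section = None
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append((key, value.strip()))
    return findings


def launch_target(value):
    """First token of a directive value, without quotes or arguments."""
    tokens = value.replace('"', "").split()
    return tokens[0] if tokens else value


def is_executable_name(name):
    # Directive values are Windows paths, so parse them as such on any host.
    return PureWindowsPath(name).suffix.lower() in EXECUTABLE_SUFFIXES


def scan_drive_root(root):
    """Inspect a drive root and return a report dict a defender can act on."""
    root = Path(root)
    report = {"autorun_launches": [], "recycle_bin_executables": []}
    for child in root.iterdir():
        name = child.name.lower()
        if child.is_file() and name == "autorun.inf":
            for key, value in parse_autorun(child.read_text(errors="replace")):
                target = launch_target(value)
                report["autorun_launches"].append(
                    {"key": key, "target": target, "executable": is_executable_name(target)})
        elif child.is_dir() and name in RECYCLE_DIR_NAMES:
            # Real recycle folders hold user data; executables here are a red flag.
            for path in sorted(child.rglob("*")):
                if path.is_file() and is_executable_name(path.name):
                    report["recycle_bin_executables"].append(path.relative_to(root).as_posix())
    return report


def is_suspicious(report):
    return any(f["executable"] for f in report["autorun_launches"]) \
        or bool(report["recycle_bin_executables"])


def build_mock_drive(base):
    """Constructed layout imitating the infections described in the article;
    the 'executable' is placeholder bytes, not a real program."""
    base = Path(base)
    (base / "$RECYCLE.BIN").mkdir()
    (base / "$RECYCLE.BIN" / "svchost.exe").write_bytes(b"MZ placeholder (constructed)")
    (base / "autorun.inf").write_text(
        "[AutoRun]\r\n"
        "icon=photos.ico\r\n"
        "open=$RECYCLE.BIN\\svchost.exe\r\n"
        "shell\\open\\command=$RECYCLE.BIN\\svchost.exe\r\n"
        "action=Open folder to view files\r\n"
    )
    return base


def demo():
    """Build the mock drive in a temp dir, scan it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_drive_root(build_mock_drive(tmp))


if __name__ == "__main__":
    result = demo()
    for item in result["autorun_launches"]:
        print(f"autorun.inf {item['key']}= launches {item['target']}")
    for rel in result["recycle_bin_executables"]:
        print(f"executable hidden in recycle folder: {rel}")
    print("SUSPICIOUS" if is_suspicious(result) else "clean")
```

To check a real drive, call scan_drive_root() with the drive root (for example "E:\\") instead of the mock. A benign autorun.inf that only sets icon= and label= produces no launch findings, so the report separates the harmless use of the file from the worm behaviour the article describes; disabling AutoRun on the host is still the stronger mitigation, and this check only tells you what the drive would have asked Windows to do.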

Rogue.FakeCog.gy

Rather than one single malicious program, this is a series of fake programs that pretend to be antivirus solutions. They display fake antivirus alerts and trick victims into paying money to purchase rogue antivirus solutions. A number of these solutions also resemble legitimate software providers to successfully con victims.

W32.Xpaj.C

While protected Windows files are safe from this virus, several other executable files are not. The complex polymorphic technique involved allows the virus to copy vulnerable files into a temporary directory and overwrite them with corrupted code. After this, the original file is deleted from the machine.

Top 10 Global Windows malware families

1. W32.Keygen
2. W32.Autorun
3. HTML/IframeRef
4. W32/Dorkbot
5. ASX/Wimad
6. Win32/Obfuscator
7. Win32/FakeAV
8. Win32/Conficker
9. Win32/Hotbar

Source: Microsoft Security Intelligence Report 2012

The findings of the Windows Malware Report show the evolving nature of Windows-based malware. There has been substantial growth in malware numbers, and the breaching techniques used have also morphed in their social and sharing nature. Cloud storage services have opened up doors into machines through multiple portals, and this is something that we at Quick Heal Technologies are constantly striving to build protection against. New features like Browser Sandboxing and Machine Learning aid our users against multi-pronged threats, though the most important weapon we possess against all threats is the power of awareness.

Rahul Thadani
Pradip Chowdhury
7 years ago

You can add an irritating virus ‘funmoods’ which comes with some downloads. It attacks Google Chrome but is ineffective against IE 10. The only way to get rid of it is to uninstall Google Chrome.

Gaurav Suryawanshi
7 years ago

Thanks

Ashish
7 years ago

It makes the PC slow.

Rahul Jain
7 years ago

Facing the below problem:
dmwu.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Please let us know how I can remove it using Quick Heal.

brijmohan
7 years ago

My computer is running very slowly.

ASHOK
7 years ago

Dear sir, my system is infected by a Trojan virus. I am also registered with Q/H Total Security; after that, all the data on my pen drive does not show, but all the data is available on my pen drive. Please suggest something, sir.

Thanks

govind purohit
7 years ago

I have also found the viruses Indian Movies and Indian Songs many times, which were easily deleted by QHTS. Thanks to Quick Heal.

Utkarsh
7 years ago

Thanks, I got this news.

Pankaj Gajare
7 years ago

There is a problem with Quick Heal I'm facing: files get deleted, and sometimes viruses are not found, but on the same pen drives another antivirus found and deleted them. Please do something to make it better than the others.

Sourav Roy
7 years ago

How can I perform an anti-malware scan? After scanning, what should I do? I mean, if I clear the malware, will my PC face any kind of problem, because it is saying to "Set system restore point before cleaning". Please help me.

PINTU
7 years ago

I don't feel I should take any strong step, because I'm with QHTS.

Muhammad
7 years ago

Very great reports. That is what everyone needs and is interested to know.
Keep up your great job!
Thanks

santanu
7 years ago

Very nice. I am glad to know it, as W32.Autorun was also sometimes found on this computer but has now been cleared by Quick Heal, so kindly check again whether it is present on my computer during updating. Thank you.

Akash Rathore
7 years ago

I also found many times the virus software & Windows file, which was easily deleted by QHTS. Thanks to Quick Heal, and this year QHTS is the best antivirus in the world forever!!!

Akash Rathore
7 years ago

Furthermore, there was a 90% rise in Windows malware in 2013 and Trojans were most popular as they comprised 68% of total samples. The primary cause for this can be attributed to the exploitation of plug-ins like Java and also the widespread nature of drive-by downloads and active polymorphic attack techniques. Pirated software also carries increased risks of malware and this is something that users should be extremely cautious about. You can also refer to our Android malware report 2012.

Akash Rathore
7 years ago

The month of January saw the most activity with close to 5 million samples coming in. February, on the other hand, saw close to 2 million samples as the lowest total.

rajnish kumar
7 years ago

Thanks
