Top 10 Malware Families of 2011

Top 10 Malware Families of 2011

• W32.Autorun.Gen: Autorun worms spread from USB/thumb drives as well as fixed and mapped drives. Autorun worms typically drop or download additional malware, usually backdoors and password stealers.

•W32.Sality: Is PE-Infector that infects executable files in the root folder, files on network shares and removable drives.

•Trojan.Agent.gen: A malware family that uses HTTP to reach a remote server. Trojan Agents use packers to evade signature detection, install themselves using randomly-generated filenames and add auto-run keys to the Windows registry. Trojan Agent downloads the Rogue Application and other components.

•W32.Virut: Is a file infecting virus with IRC-based backdoor functionality. It can accept commands to download other malware on the compromised machine.

•Worm.VBNA: A worm is a malware designed to propagate and spread across networks. Worms are known to propagate using one or several different transmission vectors such as email, IRC, network shares, instant messengers (IM) and peer-to-peer (P2P) networks. VBNA also displays a fake virus infection warning to trick users into purchasing fake anti-malware software. Scare tactics like this appear to be on the rise, preying upon uninformed users.

•Trojan.Starter: A malicious Trojan horse or bot that may represent security risk for the compromised system and/or its network environment.

•LNK.Exploit: Is a malicious shortcut file that exploits the vulnerability that is currently exploited by the malware family. When a user browses a folder that contains the malicious shortcut using an application that displays shortcut icons, the malware runs instead.

•Worm.SlenfBot.Gen: Another botnet that can spread via instant messaging programs such as include MSN Messenger, Yahoo Messenger and Skype. It may also spread via removable drives and also by exploiting the MS06-040 vulnerability. The worm also contains backdoor functionality that allows unauthorized access to an affected machine.

•FakeAV. Though strictly not a virus, it’s the scam of choice of most modern malwares so all infections have a fake antivirus scam as a visible payload. This enabled fake antivirus groups to become the con artists of the year in lieu with virus creators everywhere. One reason that FakeAV is successful is that users have grown accustomed to receiving virus warnings in mail messages generated by legitimate desktop, server and gateway AV programs.

•TDSS/Alureon. It infects the MBR of victim machine and takes control at boot time. It has one of the most complex Bootkit components ever seen and apparently, a very shrewd development team behind it. Malware components alter DNS settings, hijack search requests, display malicious ads, intercept confidential data, download arbitrary files and corrupt disk drivers.

•W32.Ramnit: Is PE-Infector that infects executable and html files in the root folder, files on network shares and removable drives. Virus opens a backdoor and waits for instructions.