Malware Evolution: July Roundup

July brought evidence that handheld PCs are no longer immune to malware. The first virus capable of infecting Pocket PCs running Windows CE appeared on 17 July. WinCE.Duts.a can also infect systems running Windows Mobile, as more recent versions of the operating system are called.

Although Duts is capable of replicating, it was not detected in the wild and does not present a threat to Pocket PCs. However, it was written by a virus writer who was previously an active author of spyware programs, many of which are now widespread. So it seems reasonable to assume that viruses which cause serious damage to handheld computers are not far off. This naturally raises the issue of information security: such a virus could be used to steal or leak confidential data. As most handheld computers are used in a business environment, such viruses could pose a serious security risk.

Duts extended the range of platforms vulnerable to malware; other programs demonstrated that the techniques virus writers use to ensure their creations replicate are also evolving. Mydoom.m used the search engines Google, AltaVista, Lycos and Yahoo! to harvest email addresses, then sent itself to every address found. Previous versions of Mydoom sent themselves only to addresses found in the Microsoft Outlook address book and in some files on the infected computer. At first glance, Mydoom.m appeared to have tapped into an almost unlimited resource.

As long as even one machine infected by Mydoom.m remains connected to the Internet, any user may find the worm in his or her inbox. However, Mydoom.m's own propagation mechanism restricted its spread, because of the way the search requests were constructed: the text searched for was built from the domain name of the victim machine, which limited the number of search results. It seems likely that future worms will construct searches that do not depend on the victim machine at all, e.g. a worm will be programmed to harvest email addresses from forums, guest books and other address-rich sources. Internet users who have openly posted their email addresses may then find themselves threatened not only by spam but also by new malicious programs.
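The two harvesting strategies contrasted above, as an added, offline model that is not code from the roundup or from any worm. Everything here is constructed: the "victim" address book, the pages, and the `SEARCH_INDEX` dictionary that stands in for the search engines named in the text; no mail is sent and nothing is fetched. The victim-dependent query is modelled as the domains of the addresses already on the victim, an assumption about a mechanism the text only sketches. The example also shows why "openly posted" matters: the naive pattern misses an address written as `heidi [at] example [dot] net`, and only catches an HTML-entity-encoded one once the harvester decodes entities first.

```python
"""Offline model of victim-scoped vs. victim-independent address harvesting.

Added example; not from the original article or any real worm. All addresses,
page texts and the search index below are constructed test data.
"""
import html
import re
from typing import Dict, Iterable, List, Set

# Deliberately naive pattern of the kind a mass mailer uses to pull
# addresses out of arbitrary text.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed address book found on the "victim" machine.
VICTIM_ADDRESS_BOOK = ["alice@example.org", "bob@example.org"]

# Constructed stand-in for a search engine: query string -> text of the
# pages that query would return. Assumed structure, not a real API.
SEARCH_INDEX: Dict[str, List[str]] = {
    "example.org": [
        "Contact carol@example.org or dave@example.org for details.",
    ],
    "guestbook": [
        "Posted by erin@forum.example.net, reply to frank@mail.example.com",
        "grace@example.net wrote: nice site; heidi [at] example [dot] net",
        # Entity-encoded address, a common anti-harvesting trick on forums.
        "Webmaster: &#105;&#118;&#97;&#110;&#64;example.net",
    ],
}


def harvest(pages: Iterable[str], decode_entities: bool = False) -> Set[str]:
    """Extract addresses from page text; optionally undo HTML entity encoding first."""
    found: Set[str] = set()
    for page in pages:
        text = html.unescape(page) if decode_entities else page
        found.update(EMAIL_RE.findall(text))
    return found


def victim_domains(address_book: Iterable[str]) -> Set[str]:
    """Domains of the addresses already on the victim; the scoped strategy
    builds its search queries from these (assumption, see lead-in)."""
    return {addr.rsplit("@", 1)[1].lower() for addr in address_book if "@" in addr}


def scoped_harvest(address_book: Iterable[str],
                   index: Dict[str, List[str]]) -> Set[str]:
    """Mydoom.m-style: search only for terms derived from the victim.
    The result set is bounded by what the victim already knows."""
    found: Set[str] = set()
    for domain in victim_domains(address_book):
        found |= harvest(index.get(domain, []))
    return found


def broad_harvest(index: Dict[str, List[str]], queries: Iterable[str],
                  decode_entities: bool = False) -> Set[str]:
    """The victim-independent strategy the text anticipates: fixed queries
    for address-rich pages (forums, guest books), whoever is infected."""
    found: Set[str] = set()
    for query in queries:
        found |= harvest(index.get(query, []), decode_entities)
    return found


if __name__ == "__main__":
    print("scoped      :", sorted(scoped_harvest(VICTIM_ADDRESS_BOOK, SEARCH_INDEX)))
    print("broad       :", sorted(broad_harvest(SEARCH_INDEX, ["guestbook"])))
    print("broad+decode:", sorted(broad_harvest(SEARCH_INDEX, ["guestbook"], True)))
```

Run stand-alone it prints the three harvested sets. The scoped run yields only addresses in the victim's own domain, the broad run yields three addresses from the guest-book pages regardless of the victim, and decoding entities adds a fourth; the `[at]`/`[dot]` form escapes this pattern in both modes, which is the only one of these obfuscations that still buys anything against a harvester that bothers to decode entities.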

More versions of Bagle appeared in July; Bagle.aa, like Mydoom.m, differed from its predecessors. Bagle.aa spread as an executable file which also contained the worm's own source code. Although this did not in itself increase the threat posed by the worm, the ready availability of the source code makes it likely that further modified versions of Bagle will be released into the wild. This is yet another way to increase the number of machines penetrated without resorting to complex coding techniques or social engineering.

The past few months have shown that installing backdoors on victim machines is becoming more and more popular. This leads not only to mass mailings of infected messages but also to the propagation of opportunistic viruses and worms that enter through backdoors left by earlier infections. July's example was Worm.Win32.Zindos.a, which infected systems left open by Mydoom.m.

Standard file viruses also continue to evolve. There was a marked increase in piggybacking: in July a number of email worms were detected whose body had itself been infected with a file virus.

In conclusion, the evolution of email worms is a cause for concern. In the past, the development and spread of viruses and worms was simply a matter of virus writers testing their strength and investigating which methods worked and which did not. Nowadays, however, virus writers are joining forces with spammers and other criminals, which means that malicious software now represents a major threat both to confidential information and to the performance of almost any network.
