Tuesday, October 30, 2007

10 Most Prevalent Global Malware

1. TROJ_GENERIC

Malware Type: Trojan
This is the Trend Micro generic detection for low-threat Trojans. It also installs itself as a browser helper object (BHO) by creating certain registry keys.

2. WORM_NUWAR.CQ

Malware Type: Worm
This worm arrives as an attachment to mass-mailed email messages. It spreads by attaching a copy of itself to an email message, which it sends using its own Simple Mail Transfer Protocol (SMTP) engine. Having its own SMTP engine allows it to send messages without using any mailing application, such as MS Outlook.

3. WORM_NYXEM.E

Malware Type: Worm
This worm propagates by attaching copies of itself to email messages that it sends to target addresses, using its own SMTP engine. Through this SMTP engine, it is able to easily send the email message without using other mailing applications, such as Microsoft Outlook.

4. WORM_NETSKY.DAM

Malware Type: Worm
This is Trend Micro's detection for the damaged samples of WORM_NETSKY variants. It runs on Windows 95, 98, ME, NT, 2000 and XP.

5. HTML_NETSKY.P

Malware Type: HTML
This HTML malware arrives as an email with an executable file attachment that is detected by Trend Micro as WORM_NETSKY.P. It exploits a known vulnerability in Internet Explorer versions 5.01 and 5.5 known as the Automatic Execution of Embedded MIME Type. This vulnerability causes Internet Explorer to automatically run executable file attachments in email messages.

6. TROJ_SMALL.EDW

Malware Type: Trojan
This Trojan arrives as a file dropped by other malware, such as WORM_NUWAR.CQ, or as a file that a user unknowingly downloads when visiting malicious URLs. It may also be downloaded by earlier variants.

It is also spammed via email using subject lines related to specific events. The image below is a sample of the said email message.


7. WORM_RONTKBR.GEN

Malware Type: Worm
This is Trend Micro's detection for unknown and future variants of WORM_RONTOKBRO and WORM_BRONTOK malware programs. It serves as a proactive means of safeguarding against possible attacks of the aforementioned malware.

8. WORM_ANIG.A

Malware Type: Worm
This memory-resident worm propagates by dropping copies of itself in shared network drives. It steals login information and saves the obtained data in a file, which can be retrieved by a remote user. Its keylogger component substitutes the standard Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL) to carry out its information-stealing routine.

9. PE_PARITE.A

Malware Type: Worm
This file infector infects .EXE and .SCR files on an infected system and on remote network shares with read and write access. It uses port 30167 to access network shares. It stays in memory by injecting itself into EXPLORER.EXE, thus hiding its running process.

10. WORM_MOFEI.B

Malware Type: Worm
This destructive, memory-resident worm attempts to log on to remote machines using a list of user names. It then drops and executes a copy of itself on the remote machines. It has backdoor capabilities, and may execute commands coming from a remote malicious user. The said routine provides the remote user virtual control over the affected machine, thus compromising system security.

Security for Windows XP

Don't you hate it when people mess with your computer without you knowing it? Here are two ways to prevent this (and still be lazy): create a desktop icon that locks your computer, and require a password after the screen saver is activated. Both of these only work if your computer is already password protected on login.

If you already have a password, skip to the next part.

To create a password, go to the control panel, then to user accounts. Click your account, and then the "change my password" button. Fill in the requested fields, click "change password," and then close the window.

How to create a lock-down icon:

First, pick any icon on your desktop. Right click it and drag it to another place on the desktop. In the menu that appears, select "copy." Now we need to change the name and the target of the new shortcut. Right click this shortcut, and click "properties." Make sure you are in the shortcut tab.

In the box labeled "target," copy and paste this line:

%windir%\System32\rundll32.exe user32.dll,LockWorkStation

In the box labeled "Start in," copy and paste:

%windir%

To apply these changes, click "apply." Next you can change the icon. Just click the "change icon" button. If you're not already there, hit the browse button and go to:

C:\WINDOWS\system32\shell32.dll

You'll find a nice selection of icons there.

Select an icon from the ones that appear in the box and click "ok."

Now move to the general tab. The box on the top contains the name of your icon. Change it to whatever you want. I used "Fun Game" in the hope that if someone comes to the computer and it is not locked, they will click this icon, locking the computer. (This actually worked once!) After you are finished, click "apply," and then "ok."

To test your icon, double click it. You should be taken to something like a log on screen. Just enter the password to get back into Windows, with everything just as you left it. This is different from actually logging off. Whenever you know you will be away for a while, just click that icon, and your computer will be safe.

How to lock down on screen saver:

Right click on your desktop in any empty space. Click "properties" in the menu that opens. Go to the screensaver tab. All you have to do now is click the box next to "On resume, password protect." Click "apply," and then "ok."

Let your screen saver run, and see what happens after you move your mouse. This is good in case you leave suddenly and forget to click the icon we made earlier. Unlike hibernation, this will allow other programs, such as Kazaa or iMesh, to run in the background.
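
Both procedures above can also be scripted. The PowerShell below is an added example, not part of the original post. It assumes PowerShell is installed (a separate download on Windows XP), and the shortcut name "Lock Computer.lnk" and the icon index are arbitrary choices.

```powershell
# Added example: scripts the lock-down icon and the screen saver
# password setting described in the post.
# Assumptions: PowerShell is available; the shortcut name and the
# icon index are arbitrary choices, not values from the post.

# --- 1. Lock-down icon on the current user's desktop ---
$desktop  = [Environment]::GetFolderPath('Desktop')
$linkPath = Join-Path $desktop 'Lock Computer.lnk'

$shell = New-Object -ComObject WScript.Shell
$link  = $shell.CreateShortcut($linkPath)

# The single "Target" box in the Properties dialog is stored as two
# fields: the program and its arguments.
$link.TargetPath       = Join-Path $env:windir 'System32\rundll32.exe'
$link.Arguments        = 'user32.dll,LockWorkStation'
$link.WorkingDirectory = $env:windir                      # the "Start in" box
$link.IconLocation     = (Join-Path $env:windir 'System32\shell32.dll') + ',47'
$link.Description      = 'Lock this workstation'
$link.Save()

# Read the shortcut back from disk to confirm what was written.
$check = $shell.CreateShortcut($linkPath)
'Shortcut target: {0} {1}' -f $check.TargetPath, $check.Arguments

# --- 2. "On resume, password protect" for the screen saver ---
$desk = 'HKCU:\Control Panel\Desktop'
Set-ItemProperty -Path $desk -Name ScreenSaverIsSecure -Value '1'

# The setting only matters if a screen saver is actually configured,
# so report the related values and warn when none is active.
$cfg = Get-ItemProperty -Path $desk
'ScreenSaverIsSecure = {0}, ScreenSaveTimeOut = {1} seconds' -f `
    $cfg.ScreenSaverIsSecure, $cfg.ScreenSaveTimeOut

if ($cfg.ScreenSaveActive -ne '1' -or -not $cfg.'SCRNSAVE.EXE') {
    Write-Warning 'No screen saver is active, so password-on-resume will never trigger.'
}
```

As with the manual steps, neither setting protects anything unless the account already has a login password.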