Kido, Sality keep top spot

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 04 Aug 2009

The overall number of computers infected by the most common malicious programs fell slightly in July. This may be due to a seasonal drop in usage, resulting in fewer machines becoming infected with malware.

So says Kaspersky Lab in its monthly malware report for July, adding that there were no big surprises in the first Top 20 this month, with Kido and Sality remaining the runaway leaders.

The first Top 20 is based on data collected by Kaspersky Lab's version 2009 anti-virus product, and is made up of frequently detected malicious programs, adware and potentially unwanted programs. The second provides an overview of the current online threats as well as the underlying trends.

“The second Top 20 was a lot more interesting,” says Kaspersky. “This ranking includes malicious programs detected on Web pages and malware which attempted to load from Web pages. Looking at the rating, we can see three script exploits named DirektShow, whose Explorer vulnerability we talked about earlier in the month.”

The company says that, as Internet Explorer is the browser of choice for the majority of users, it is no surprise that this vulnerability was immediately and heavily exploited by cyber criminals.

Kaspersky has seen a tendency for cyber criminals to split malicious scripts into several parts - in the case of DirektShow, the main page with the exploit for the msvidctl vulnerability contains a link to another script that downloads shell code with its own malicious payload.

Further down in the ranking, Trojan-Downloader.JS.ShellCode.i is the shell code most commonly used to exploit this vulnerability. This approach is simple, and is particularly useful to the cyber criminal: the shell code script can be replaced at any time but the link to the main page remains the same. This set-up makes it more difficult to analyse and create detection for such malware, and where systems are used, it may be impossible.

The security giant explains: “To help malware, specifically ransomware in the form of rogue anti-virus applications, spread more easily, the same Web templates will be used again and again.”

A newcomer in July, Trojan-Downloader.HTML.FraudLoad.a, is a good example of this. “Such malware is becoming increasingly popular in the world of cyber crime. As a result, a huge number of Web sites are appearing which claim that the user's computer is infected, and then download programs which are not only annoying, but also often pose a real threat.”

Trojan-Downloader.JS.Iframe.bew, sitting in 20th place this month, is one such script used to download malicious programs from such sites.

In terms of underlying trends, Kaspersky Lab says cyber criminals are concentrating on discovering new vulnerabilities in the most popular software with the aim of exploiting them to achieve their goal - infecting computers with one or more malicious programs.

“Secondly, cyber criminals attempt to hide their activity so that it either passes unnoticed, or seems to be resulting in minimal damage to the infected machine.

“This makes surfing the Internet without a fully-patched operating system or an up-to-date anti-virus solution tantamount to swimming in shark-infested waters - and this applies to even the most experienced users.”
