Tuesday, August 10, 2010

Cisco published top ten Malware attacks in 2Q of 2010

Lisa Phifer has an important article in “Security Planet” on “The Ten Top Malware Threats” (here). She notes that many of them are now spread through ordinary browsing of websites. The list came from Cisco for the Second Quarter of 2010, and was based on malware data files from McAfee and Webroot (Sophos).

She notes, in place ten, "Backdoor.TDSSConf.A", which belongs to a TDSS family of “kernel-mode rootkits” which can disable antivirus programs with rootkit tactics, and can be difficult to stop after a page is actually browsed if not intercepted first by browser controls. There is also "Mal/frame-F" which uses "iframe" tags to redirect users to other websites without their knowledge.

"JS.Redirector-AT" can redirect users to other sites with porn, phishing, or scareware implants. Here the article notices that some home users may want to disable javascript execution, at least when embedded in Adobe documents.

"PSW.Win32.Infostealer.bnkb" may log keystrokes associated with online banking.

Number 1, and representing 5% of infections, is “Exploit.JS.Gumblar”, which runs an encrypted executable without the user’s consent with subsequent routine browsing.

The author of the article owns Core Competence (link), a security company with links to this and other important articles.
