SOURCE: BitDefender


January 11, 2010 09:00 ET

Exploit.PGF-JS.Gen Outranks the Trojan Leadership in BitDefender's December Top Ten Threat Report

A PDF Exploit Takes the Lead

BUCHAREST, ROMANIA--(Marketwire - January 11, 2010) - BitDefender's top e-threat for December is Exploit.PDF-JS.Gen, with 12.04 percent of the total amount of infections. This generic detection deals with specially crafted PDF files exploiting different vulnerabilities found in Adobe PDF Reader's Javascript engine in order to execute malicious code on the user's computer. Upon opening an infected PDF file, a specially crafted Javascript code triggers the download of malicious binaries from remote locations.

With a percentage of 8.15, the second e-threat on December's Top Ten is Trojan.AutorunInf.Gen, a generic mechanism to spread malware using removable devices such as flash drives, memory cards or external hard-disk drives. Win32.Worm.Downadup and Win32.TDSS are two of the most famous families of malware to use this approach to trigger newer infections.

Trojan.Clicker.CM is in this month's number three position with 7.90 percent of the total amount of infected computers and is mostly found on websites hosting illegal applications such as cracks, keygens and serial numbers for popular commercial software applications. The Trojan is mostly used to force advertisements inside the users' browser in order to boost their advertisement revenue.

Ranking fourth in this month's e-threat report, Win32.Worm.Downadup.Gen is responsible for 5.85 percent of the global infections. Relying on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67), this worm spreads on other computers in the local network and restricts users' access to Windows Update and security vendors' web pages. Newer variants of the worm also install rogue antivirus applications, among others.

Trojan.Wimad.Gen.1, ranking fifth with 4.57 percent of the global infections, mostly exploits the capability of ASF files to automatically download the appropriate codec from a remote location in order to deploy infected binary files on the host system. The ASF format will store data in either WMA (Windows Media Audio) or WMV (Windows Media Video) formats, which are mostly to be found on Torrent websites. When played locally, the specially-crafted WMV file would allegedly attempt to download a "special codec," which is in fact a malicious binary hosted on a third-party website.

The sixth place with 2.65 percent of the infections triggered globally is taken by Win32.Sality.OG. This malicious e-threat is a polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries). It deploys a rootkit and kills antivirus applications running on the computer so as to hide its presence on the infected machine.

Trojan.Autorun.AET, a malicious code spreading via the Windows shared folders, as well as through removable storage devices, ranks seventh with 1.97 percent of the worldwide infections. The Trojan exploits the Autorun feature implemented in Windows for automatically launching applications when an infected storage device is plugged in.

Worm.Autorun.VHG is an Internet /network worm that exploits the Windows MS08-067 vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) package (an approach also used by Win32.Worm.Downadup). The worm ranks eighth with 1.65 percent of the global infections.

Win32.Worm.Downadup.B ranks ninth with 1.08 percent. It is a variant of Win32.Worm.Downadup with slightly the same functionality, except for the fact that the number of the blocked AV URLs is lower. Also, this is one of the least dangerous variants, as it comes with no malicious payload.

Trojan.Script.236197 concludes the BitDefender Top Ten E-Threats for December. Responsible for 1.08 percent of the worldwide infections, this obfuscated JavaScript file forces small pop-up windows disguised as MSN Messenger alerts when the user visits an adult website. The ads, served through advertising service DoublePimp, look like a real-time conversation with a woman allegedly located in the same area as the user's ISP.

BitDefender's December 2009 Top 10 E-Threat list includes:

1    Exploit.PDF-JS.Gen         12.04
2    Trojan.AutorunINF.Gen       8.15
3    Trojan.Clicker.CM           7.90
4    Win32.Worm.Downadup.Gen     5.85
5    Trojan.Wimad.Gen.1          4.57
6    Win32.Sality.OG             2.65
7    Trojan.Autorun.AET          1.97
8    Worm.Autorun.VHG            1.65
9    Win32.Worm.Downadup.B       1.25
10   Trojan.Script.236197        1.08
     OTHERS                     52.85

To stay up-to-date on the latest e-threats, sign-up for BitDefender's RSS feeds here.

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry's anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company's security solutions press room. Additionally, BitDefender's provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

Contact Information