subscribe: Daily Newsletter

 

Weekly report on viruses and intruders

0 comments

France has been the country with the highest percentage of infected PCs this week, according to data from the Infected or Not website (http://www.infectedornot.com). Over 38% of protected computers (with an active and up-to-date security solution installed) and 55% of unprotected computers were infected in France.

Spain is second on the list, with 32,41% of protected computers and 46,08% of unprotected computers infected. The US is third, with 31,04% of protected PCs infected and 41,16% of unprotected PCs infected.
MyWebSearch was this week’s top PUP (Potentially Unwanted Program) worldwide. It is designed to install a search bar on the browser and modify the online search results.
The Zango adware, created to display ads while users browse the Internet, and the FunWeb PUP, have been the next most active malicious codes this week.
As for new malware, this week’s PandaLabs report looks at 3 worms: Nussack.A, Nama.A and FlashJumper.M.
Nussack.A is designed to carry out multiple malicious actions. Its keylogger functions enable it to record keystrokes and mouse-clicks. It also carries out annoying actions, such as; opening and closing the CD-DVD drive, displaying the “I Love Kasun” message or making the Internet Explorer window flicker. It uses USB memory sticks, digital cameras and MP3 players to copy itself onto removable drives and spread.
Nama.A also uses this method to spread. It entices users to run it and then copies itself onto the system using the XLS file names, but with a VBS extension. It then conceals all the file extensions, so users cannot tell the difference between the original file and the copy of the worm. This worm prevents programs from running on system start-ups.
It also creates registry subkeys that alter the system performance, and which if not repaired correctly after an infection, could render the system unusable.  Nama.A carries out other malicious actions, such as hiding the Search and Run options in the Start menu, and blocking access to the MS-DOS console.
FlashJumper.M is a worm that copies itself onto the drives connected to the system, including those of the network. It also creates an autorun.inf file on all of them to make sure it is run when users access the drive through Windows explorer. This worm also creates a key in the Registry Windows to ensure it is run with every system restart.