Weekly report on viruses and intruders

About 14% of computers scanned last week at the Infected or Not website (www.infectedornot.com) with the NanoScan and TotalScan online scanners were infected with active malware, that is, threats that were performing some kind of malicious action at the time of the scan.
25% of computers scanned had latent malware – malicious code – installed on the system.

Of all the computers scanned, 72% had some kind of antivirus protection installed. However, this doesn’t guarantee total protection, as almost 30% of protected computers were infected by malware.
“Traditional, signature-based protection is no longer enough. It is necessary to complement it with proactive technologies that can detect threats by analyzing their behavior, and periodic audits with tools that can detect much more malware,” confirms Jeremy Matthews, CE of Panda Security (South Africa).
“NanoScan and TotalScan are examples of these tools, which work according to a collective intelligence approach. This system does not just check a single signature file, but uses an extensive knowledge base on Panda’s servers that allows these tools to detect much more malware."
According to TotalScan, the most harmful malicious codes last week were the Zango and Navipromo adware and the Virtumonde spyware.
Among recently detected malware, PandaLabs highlights the Astry.A and EbodaR.A Trojans.
Astry.A prevents users from changing the Windows Explorer folder settings through Folder Options. It also displays several messages, one of them at the beginning of the session and another one at certain times set by the Trojan. Astry.A also modifies the information displayed on the View tab in the Windows Explorer Folder Options.
EbodaR.A is a Trojan that installs on computers by exploiting a vulnerability present in some versions of Acrobat Reader. The exploit also requires the Internet Explorer 7 browser to be installed on the system. To exploit the flaw, attackers send malicious PDF files in email messages.
If the user runs the file, a Windows XP command is executed that disables the system’s firewall. The Trojan is then downloaded and run from a certain Internet address. Once installed, EbodaR.A can download other malicious codes onto the infected computer.