Most Dangerous Types of Desktop Malware
A recent report by Check Point summarized the top 10 desktop malware threats users need to be aware of. Thankfully, every once in a while, a security firm provides us with a glimpse into their data, revealing statistics about the number and type of current threats, and any noticeable spikes or dips in malware distribution. The report also notes that the total number of active malware families grew by 15 percent. This marks several consecutive months of visible growth, following the 50% increase the company reported from March to April. Check Point says the top ten most popular malware variants accounted for 60 percent of all detected events.
Below are the top 10 desktop malware threats that made the list:
- Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques.
- Sality is a polymorphic piece of malware, one that constantly evolves, is hard to detect, and works by infecting executable files and then downloading more complex malware. Just like Conficker, Sality is controlled via a huge botnet and attacks Microsoft Windows operating systems. Because of its continued development and capabilities, Sality is considered to be one of the most complex and formidable forms of malware to date.
- Locky is the first ransomware to make the top 3 on the malware list. Locky appeared in early 2016. This ransomware locks people’s files with a currently uncrackable encryption algorithm. Locky spreads via exploit kits, macro-malware, or via ZIP email attachments that contain JS, WSF, HTA, or LNK files. In most cases, the spam originates from the Necurs botnet, managed by the same crew that spreads the Dridex banking trojan.
- Cutwail. The Cutwail botnet, founded around 2007, is a botnet mostly involved in sending spam emails. The bot is typically installed on infected machines by a Trojan component called Pushdo. It also affects computers running Microsoft Windows.
- Zeus. A famous banking trojan that had its source code leaked a few years back, Zeus is also the base for most of today’s banking trojans that target desktop users. Zeus uses man-in-the-browser keystroke logging and form grabbing to steal customer data. Zeus can also be used to install CryptoLocker ransomware. It was first identified in July 2007 when it was used to steal information from the US Dept. of Transportation.
- Chanitor. Also known as Hancitor or H1N1, Chanitor is a malware dropper, and is merely a stepping stone for other, more potent malware. Crooks use spam email to spread the trojan, and in most cases, Chanitor infects victims’ machines with banking trojans.
- Tinba. Tinba is a truncation of “tiny banker” and, when first discovered in 2012, was the smallest banking Trojan in circulation by file size. Tinba’s destiny took an interesting turn when its source code was publicly leaked in July 2011 in an apparent dispute between rival cybercriminals. Since the leak, various gangs have been able to rework the ready-made malicious code at no cost. The trojan uses Web injects to compromise browsers and show fake Web pages on top of authentic banking portals.
- CryptoWall is a new and highly destructive variant of ransomware. Ransomware is malware that infects your computer and holds hostage something of value to you in exchange for money. Older ransomware used to block access to computers. Newer ransomware, such as CryptoWall, takes your data hostage. Crooks spread CryptoWall mainly via malvertising and phishing campaigns. There’s currently no decrypter available that can brute-force or skirt the ransomware’s encryption algorithm.
- Blackhole is an exploit kit that showed up around 2012 and became the most prevalent web threat, accounting for 29% of all web threats detected by Sophos and 91% of those detected by AVG. Its purpose is to deliver a malicious payload to a victim’s computer. The majority of these infections were done in a series of high-volume spam runs. The kit incorporates tracking mechanisms so that the people maintaining it know considerable information about the victims arriving at the kit’s landing page. The information tracked includes the victim’s country, operating system, browser and which piece of software on the victim’s computer was exploited. These details are shown in the kit’s user interface. Once considered the top of the exploit kit market, today it is largely unmaintained and less potent than its competitors.
- Nivdort. Also known as Bayrob, this modular backdoor trojan was developed in 2007 but has recently received a makeover, hence the new spike in activity. Crooks spread Nivdort via spam and use it to collect passwords, modify system settings and download additional malware.
Locky’s appearance on this list is no surprise, knowing that it received several updates in the past months and is spread via the massive Necurs botnet, which, according to recent statistics gathered by MalwareTech, has over 6 million bots ready to send Locky spam. Locky was recently reported to be accountable for 97% of all malicious file attachments spread via spam email.
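A defender-side check built from the attachment types named above, added here as an example that is not part of the original post or the Check Point report: it inspects a ZIP attachment (descending into nested archives) for the JS, WSF, HTA and LNK members that Locky spam carried, so a mail gateway or IR script can flag the message for quarantine. The sample archive is constructed inline; the function and file names are assumptions for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types this post names as the Locky carriers found inside ZIP attachments.
RISKY_SUFFIXES = {".js", ".wsf", ".hta", ".lnk"}


def risky_members(zip_bytes, max_depth=2, prefix=""):
    """Return the names of archive members whose final extension is on the
    risky list, descending into nested .zip members up to max_depth levels.
    Takes raw bytes so it can be run on an attachment pulled from a message.
    Double extensions such as invoice.pdf.JS are caught because only the
    final, case-folded suffix is compared."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suffix = PurePosixPath(info.filename).suffix.lower()
            if suffix in RISKY_SUFFIXES:
                findings.append(path)
            elif suffix == ".zip" and max_depth > 0:
                try:
                    nested = zf.read(info)
                    findings.extend(risky_members(nested, max_depth - 1, path + "/"))
                except zipfile.BadZipFile:
                    # An unreadable inner archive is itself worth a look.
                    findings.append(path + " (unreadable nested zip)")
    return findings


def build_sample_zip():
    """Constructed sample attachment: a benign PDF-named file, a script with
    a double extension, and a nested archive carrying a .wsf member."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan.wsf", "<job></job>")  # placeholder content only
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.pdf", "%PDF-1.4 placeholder")
        z.writestr("Invoice_2016.pdf.JS", "// placeholder, not a real script")
        z.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    hits = risky_members(build_sample_zip())
    print("quarantine" if hits else "allow", hits)
```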
As you can see this list is no joke. Please take steps to ensure you are protected from outside threats. Your organization needs to ensure you have updated: anti-virus, anti-malware, operating system, spam filter, browser, and firewall. You also need to make sure you have a complete backup and disaster recovery solution should anything happen. 2W Tech has several IT Consultants on staff that specialize in Network Security and would be happy to do a network assessment in your organization to ensure you are protected from outside threats.
Email firstname.lastname@example.org to set up your free network assessment.