Web-based e-threats continued to dominate the first month of 2009, according to BitDefender.

Staff Writers
Tuesday, 17 February 2009 18:19

IT Industry - Market

Trojan.Clicker.CM returned to the leading position of the top 10 E-Threats with 5.40 percent, according to a report just released by BitDefender.

Sorin Dudea, head of BitDefender Antimalware Research said that the beginning of 2009 showed two important trends - Web-based distributed malware was still the most successful type of e-threat in the wild and, previous productive breeds were back with the same or even higher percentage than before.

Dudea warned that “this confirms that the level of user awareness in terms of system security remains very low for defensive activities, such as patching the OS with the latest fixes, updating security suites or surfing the Web cautiously."

“ Clicker.CM displays a significant number of commercial pop-up windows in the current Web browser's background and tries to lure the user to click. If clicked, profits are generated for advertisements registered within a pay-per-click system. In order to successfully display ads, the Trojan uses several functions that bypasses Norton Internet Security Pop-up Blocker.

According to BitDefender, Trojan Wimad.Gen.1 and Trojan.Downloader.Wimad.A rose by 6.88 percent in January, making them some of the most common e-threats in the wild. “Part of a very large family, these Trojans are spread with the aid of a network of malicious websites. Usually distributed via e-mail spam campaigns as a 3.5 MB .wma attachment and bearing the name of some popular artists, the disguised Trojan automatically opens the Web browser in order to retrieve the ‘appropriate’ codec, which is, in effect, another piece of adware – Adware.PlayMp3z.A.”

BitDefender says that, as it predicted, the exploits increased in volume over the past month, “holding no less than 4 positions and almost 12 percent in the current top 10.”  “For instance, Trojan.Exploit.SSX abuses vulnerable sites when a malicious SQL code is injected into their databases. The result is an invisible iFrame element that redirects the user to an infected Web site that attempts to download and install several malicious payloads.”