9:00 am (UTC-7) | by David Sancho (Senior Threat Researcher)
The end of 2010 is near and I thought I’d take the time out to recap how the year has been malware-wise. This is my list of the top 10 most remarkable malware families that surfaced in 2010:
- STUXNET. It was remarkable because of its sophistication and its use for espionage. It was thought to have been programmed to halt Iran’s nuclear program. I don’t think it will be the last malware family used to spy on others and/or for industrial sabotage. It was also a big deal because of its heavy use of previously undiscovered software vulnerabilities in Windows.
- Aurora. It hit Google and other big software companies last Christmas and it was remarkable because it managed to steal sensitive information from these giants.
- ZeuS. It’s a do-it-yourself (DIY) botnet toolkit that has become very popular in the underground. It has spawned lots of different botnets that have stolen millions of dollars from home users and companies alike. The fact that it’s an off-the-shelf piece of software hints at the current state of malware as a multipurpose weapon.
- SpyEye. Touted as ZeuS’ successor, recent accounts tell how it will carry ZeuS’ source code into a more sophisticated code base. It has a similar concept to ZeuS and also comes in the form of a DIY toolkit.
- KOOBFACE. It was remarkable because it spread through social networks from Facebook to Twitter. It caused enough headaches for Facebook that the social networking giant finally decided to add a CAPTCHA to its link-submitting form.
- BREDOLAB. A botnet that was used to spread other malware, it acted as some sort of malware-deploying platform. It was remarkable because it was taken down by the Dutch police in October 2010 after its Armenian creator amassed millions of dollars thanks to it.
- TDSS/Alureon. A very sneaky rootkit that managed to cause bluescreen errors on a lot of computers in February 2010, when a new Microsoft update changed the files it used to infect systems. It had one of the most complex rootkit components ever seen and apparently a very shrewd development team behind it.
- Mebroot. A spamming botnet that used a rootkit that could survive Windows reinstallation. It hides very deep in a system so it loads even before Windows does. It’s responsible for a big percentage of all of the spam traffic worldwide.
- FAKEAV. Though strictly not a virus, it’s the scam of choice for most modern malware, so all infections end up with a fake antivirus scam as their visible payload. The creation of Russian partnerkas (affiliate programs) let third parties get paid for every successful scam job performed. This enabled fake antivirus groups to become the con artists of the year, helped by virus creators everywhere.
- Boonana. The Mac version of KOOBFACE in the sense that it copied KOOBFACE’s method of spreading via social networks. It was remarkable because it brought most of KOOBFACE’s functionality to the Mac platform, making it a whole different beast that could open a new can of worms in the growing platform.
Have a great 2011 and stay safe.