
Top 8 in ’08

  • Posted on:December 30, 2008 at 9:32 pm
  • Posted in:Bad Sites
  • Author:
    Jake Soriano (Technical Communications)

Year-end lists are quite popular at this time of the year — here is our own list of the top threats of 2008.

Most Prolific: Mass Compromises
Attacks targeted specific groups of users and were aimed at popular Web sites. Diverse Web sites — entertainment, political, online shopping, social networking — were all used to spread malware. Compromises were at their height in May, when Web sites from around the world were injected with malicious code to infect unknowing Internet users. This trend, unfortunately, seems to be continuing at a pace that defies the imagination.

Most Persistent: Botnets
Botnets are resident evils, and they’re always there. Giants like Storm, Kraken, Mega-D/Ozdok, MayDay, and ASProx all created ripples throughout 2008, remaining consistently on the radar of botnet researchers. The November shutdown of McColo, a major cybercrime hosting provider, only temporarily set bot masters back before they looked for alternative means to proliferate.

Largest Distribution Campaign: Fake AV
“Rogue AV” software has two functions: it convinces users that they are infected with malware by faking infection symptoms, then lures them into purchasing a fake antivirus program to clean the fake infection. These threats use a variety of arrival and infection channels, from spam to mass SEO poisoning involving several compromised Web sites.

Most Untraceable: DNS Changers
Two DNS-changing malware, detected by Trend Micro as TROJ_AGENT.NDT and BKDR_AGENT.CAHZ, poison other hosts on the local subnet by installing a rogue Dynamic Host Configuration Protocol (DHCP) server on the network. The malware monitors traffic and intercepts DHCP request packets from other computers on the network. It replies to the intercepted requests with packets that list malicious DNS servers, causing the recipients of those packets to be redirected to malicious sites without their consent.
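The rogue-DHCP technique described above can be caught on the wire by inspecting DHCPOFFER packets for a server identifier or DNS list that is not on the network's allowlist. The following is an added example written for this page, not code from Trend Micro or from the post; it builds two constructed DHCPOFFER payloads (a legitimate one and one from an assumed rogue host 192.0.2.77 pushing the assumed resolver 198.51.100.9), parses the BOOTP header and RFC 2132 option field, and reports anything outside the allowlist. The allowlists, addresses and packet contents are all constructed for the demo.

```python
import ipaddress
import struct

# Constructed example (not from the original post): parse DHCP OFFER payloads
# and flag offers whose server identifier or DNS list is not on an allowlist.

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 marker that starts the option field
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 6, 53, 54, 255
DHCPOFFER = 2


def build_offer(server_ip, dns_ips, yiaddr="192.0.2.50"):
    """Construct a minimal DHCPOFFER payload (236-byte BOOTP header + options) for the demo."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0)  # op=BOOTREPLY, Ethernet, xid, secs, flags
    hdr += ipaddress.IPv4Address("0.0.0.0").packed            # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed               # yiaddr (address being offered)
    hdr += ipaddress.IPv4Address(server_ip).packed            # siaddr
    hdr += ipaddress.IPv4Address("0.0.0.0").packed            # giaddr
    hdr += b"\x00\x11\x22\x33\x44\x55" + b"\x00" * 10         # chaddr (16 bytes)
    hdr += b"\x00" * 64 + b"\x00" * 128                       # sname, file
    dns = b"".join(ipaddress.IPv4Address(d).packed for d in dns_ips)
    opts = MAGIC_COOKIE
    opts += bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    opts += bytes([OPT_DNS, len(dns)]) + dns
    opts += bytes([OPT_END])
    return hdr + opts


def parse_dhcp(payload):
    """Return the BOOTP op code, offered address and a {option code: raw value} map."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:                     # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {"op": payload[0],
            "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
            "options": options}


def audit_offer(payload, trusted_servers, trusted_dns):
    """List problems with a DHCPOFFER: unknown server identifier or non-allowlisted resolvers."""
    info = parse_dhcp(payload)
    opts = info["options"]
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return []                                   # only offers are audited here
    server = str(ipaddress.IPv4Address(opts[OPT_SERVER_ID])) if OPT_SERVER_ID in opts else "unknown"
    findings = []
    if server not in trusted_servers:
        findings.append(f"offer for {info['yiaddr']} from untrusted DHCP server {server}")
    raw = opts.get(OPT_DNS, b"")
    for j in range(0, len(raw) - len(raw) % 4, 4):   # option 6 is a list of 4-byte addresses
        dns = str(ipaddress.IPv4Address(raw[j:j + 4]))
        if dns not in trusted_dns:
            findings.append(f"server {server} pushes untrusted DNS resolver {dns}")
    return findings


# Constructed allowlist and sample traffic: one legitimate offer, one from a rogue host on the subnet.
TRUSTED_SERVERS = {"192.0.2.1"}
TRUSTED_DNS = {"192.0.2.1", "192.0.2.2"}
LEGIT_OFFER = build_offer("192.0.2.1", ["192.0.2.1", "192.0.2.2"])
ROGUE_OFFER = build_offer("192.0.2.77", ["198.51.100.9"], yiaddr="192.0.2.51")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, audit_offer(pkt, TRUSTED_SERVERS, TRUSTED_DNS) or ["ok"])
```

In practice the payloads would come from a capture of UDP port 67/68 traffic on the segment; the check is cheap enough to run continuously, and a single offer from an unexpected server identifier is already a strong signal, since a legitimate network has a small, known set of DHCP servers.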

Most Automated: Exploits
WORM_DOWNAD.A, a .DLL worm that exploits the MS08-067 vulnerability, exhibited routines that led security analysts to postulate that it is a key component in the development of a new botnet. More than 500,000 unique hosts spread across different countries have since been discovered to have fallen victim to this threat.

A zero-day bug in Internet Explorer also featured prominently in at least two massive online threats: an information-stealing campaign and a mass SQL injection attack on some 6,000 Web sites. Cybercriminals are able to exploit these bugs with very minimal user interaction, if any at all.

Most Technologically Advanced: Rootkits
The MBR (Master Boot Record) rootkit threat made waves early in 2008. Trend Micro detects the rootkit as TROJ_SINOWAL.AD. It looks for the bootable partition of the affected system and writes a new, malicious MBR that loads the rootkit component, detected as RTKT_AGENT.CAV, which is saved in an arbitrary sector within the bootable partition.
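Because this rootkit replaces the MBR's boot code while leaving the partition table usable, the practical defender check is to parse the 512-byte sector and compare its boot-code region against a hash recorded from a clean system. The following is an added example written for this page, not Trend Micro's tool or code from the post; it builds a constructed clean MBR image and a constructed tampered copy, parses the partition table, and reports signature, boot-code and layout anomalies. The sample boot-code bytes, partition layout and hash baseline are all constructed for the demo.

```python
import hashlib
import struct

# Constructed example (not from the original post): parse a 512-byte MBR image and
# compare its boot-code region against a known-good hash taken from a clean system.

MBR_SIZE, BOOTCODE_LEN, TABLE_OFF = 512, 446, 446
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"


def build_mbr(boot_code, partitions):
    """Assemble a sample MBR: boot code, up to four partition entries, 0x55AA signature."""
    code = boot_code.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for bootable, ptype, lba, count in partitions
    )
    return code + table.ljust(64, b"\x00") + SIGNATURE


def parse_mbr(data):
    """Return the boot-code hash, signature validity and the non-empty partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for n in range(4):
        entry = data[TABLE_OFF + 16 * n:TABLE_OFF + 16 * (n + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype == 0:                       # empty slot
            continue
        partitions.append({"index": n, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == SIGNATURE,
        "bootcode_sha256": hashlib.sha256(data[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data, baseline_bootcode_sha256):
    """Compare an MBR image against a baseline; return a list of findings (empty means clean)."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("boot code differs from baseline (possible MBR rootkit or bootloader change)")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one bootable partition, found {len(bootable)}")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR sector)")
    return findings


# Constructed sample images: a clean MBR, then the same layout with its boot code replaced.
CLEAN_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32   # placeholder bootstrap bytes
PARTS = [(True, 0x07, 2048, 204800), (False, 0x83, 206848, 409600)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, PARTS)
BASELINE = parse_mbr(CLEAN_MBR)["bootcode_sha256"]
TAMPERED_MBR = build_mbr(b"\xeb\x1e" + b"\xcc" * 100, PARTS)           # boot code swapped, table intact

if __name__ == "__main__":
    # On a live Linux host the 512 bytes would be read from the raw disk device as root
    # (e.g. the first 512 bytes of /dev/sda); take the baseline from a trusted offline boot.
    print("clean:", check_mbr(CLEAN_MBR, BASELINE) or ["ok"])
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

The caveat that matters here: a rootkit that hooks disk I/O can return the original MBR to any reader running under the infected OS, so the comparison is only trustworthy when the sector is read from a clean boot medium or from a disk image taken offline.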

Most Destructive: Ransomware
A new version of the GPcode ransomware, which Trend Micro detects as TROJ_RANDSOM.A, surfaced in November. It searches for and encrypts files found on any readable and writable drive on the system, rendering them inaccessible without the encryption key. Victims are informed that a decryption tool must be purchased to decrypt the files. This is done through a text file dropped in each folder that contains an encrypted file.
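The two behaviours just described, encrypted files and a note dropped into every affected folder, give incident responders a simple triage signal: a small text file with the same name recurring across many directories, sitting next to files whose content is near-random. The following is an added example written for this page, not Trend Micro's detection or code from the post; it builds a throwaway directory tree with constructed "encrypted" files (random bytes) and a constructed note name, then scans for that pattern using byte entropy. The note name, file names and thresholds are assumptions for the demo.

```python
import collections
import math
import os
import shutil
import tempfile
from pathlib import Path

# Constructed example (not from the original post): incident-response triage that looks for a
# small text file repeated across many folders next to high-entropy (likely encrypted) files.


def shannon_entropy(data):
    """Bits per byte; random or encrypted content approaches 8.0, plain text sits well below."""
    if not data:
        return 0.0
    counts = collections.Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_ransom_notes(root, min_dirs=3, entropy_threshold=7.5, sample_bytes=65536):
    """Report .txt files that recur in >= min_dirs folders alongside high-entropy files."""
    root = Path(root)
    dirs_by_name = collections.defaultdict(set)
    for p in root.rglob("*.txt"):
        if p.is_file() and p.stat().st_size < 4096:
            dirs_by_name[p.name].add(p.parent)
    findings = []
    for note_name, dirs in dirs_by_name.items():
        if len(dirs) < min_dirs:
            continue                      # an ordinary text file present once or twice
        suspects = []
        for d in sorted(dirs):
            for f in d.iterdir():
                if f.is_file() and f.name != note_name:
                    if shannon_entropy(f.read_bytes()[:sample_bytes]) >= entropy_threshold:
                        suspects.append(str(f.relative_to(root)))
        if suspects:
            findings.append({"note": note_name, "dir_count": len(dirs), "suspect_files": suspects})
    return findings


def build_sample_tree():
    """Create a throwaway tree with constructed 'encrypted' files and a repeated note file."""
    base = Path(tempfile.mkdtemp(prefix="ransom-triage-demo-"))
    for sub in ("docs", "photos", "finance"):
        d = base / sub
        d.mkdir()
        (d / "report.docx.locked").write_bytes(os.urandom(8192))   # stands in for encrypted content
        (d / "HOW_TO_DECRYPT.txt").write_text("constructed sample note: buy the decryptor\n")
    clean = base / "clean"
    clean.mkdir()
    (clean / "notes.txt").write_text("ordinary meeting notes\n" * 40)   # single, low-entropy text
    (clean / "readme.txt").write_text("not a ransom note\n")
    return base


def run_demo():
    """Build the sample tree, scan it, remove it, and return the findings."""
    tree = build_sample_tree()
    try:
        return find_ransom_notes(tree)
    finally:
        shutil.rmtree(tree, ignore_errors=True)


if __name__ == "__main__":
    for hit in run_demo():
        print(hit)
```

Entropy alone misfires on legitimately compressed or encrypted data (archives, media, encrypted containers), which is why the scan requires the repeated note as a second condition; on a real host the root would be each mounted drive, mirroring the "any readable and writable drive" behaviour described above.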

Most Irritating: AUTORUN Malware
Removable and physical drives are the fourth highest source of infection globally. Of the total number of infections in Asia and Australia, 15% come from malware borne by removable drives. Most Asian countries have AUTORUN malware as their top infector, and the top malware infecting PCs in Europe, the Middle East and Africa (EMEA) also includes several AUTORUN malware. They propagate so successfully that they have even infiltrated NASA and U.S. Department of Defense networks.

News of malware pre-shipped on USB devices also didn’t die down. The most recent product reported to be carrying worms is HP’s ProLiant USB Keys.

The Trend Micro Smart Protection Network secures PCs and keeps them safe from all of these threats by filtering malicious spam, blocking dangerous URLs, and detecting malware and providing solutions for their cleanup and removal.

Image source: UC Davis Magazine
