Beware of these Top 10 Computer Malwares of the World 2011| Are you a victim already ?

In a nutshell

G Data Security Labs carried out research on top malwares and Trojans affecting users.

▶ It was found that security holes in Java were the ones most targeted by hackers to gain access to victims’ computers.

Below is the List of viruses, their aliases and symptoms. This article also has general tips to help you prevent infection on your computer.

The German IT security provider G Data Security Labs carried out research which indicates that unclosed security holes in browser plug-ins are easy prey for cyber criminals. It also noted an increase in malware that installs adware or tries to lure users into installing bogus antivirus programs.

 

The G Data experts have noticed that hackers have focused on Java security holes since the end of last year. This kind of computer malware is already dominating the internet and has recently ousted PDF security holes from the top 10.

 

 

Here is a list of the Top 10 Computer Malwares of the World 2011 which everyone should know.

 

1>> Java.Trojan.Downloader.OpenConnection.AO


This Trojan downloader is contained within manipulated Java applets found on websites. When the applet is downloaded, a URL is generated from the applet parameters, which the hacker uses to upload a malicious executable file onto the user’s computer and run it. The downloader exploits the CVE-2010-0840 security hole. It’s first in the list of Top 10 Computer Malwares of the World 2011 and is a new entry too.

Aliases ( other names of the same malware) : Trojan-Downloader.Java.Agent.au (Kaspersky) | JAVA/DLoader.A (Norman) | Java/ClassLoader (AVG) | JAVA/Dldr.Agent.D (Avira) | Java.Trojan.Downloader.OpenConnection.C (BitDefender) | Java.Downloader.17 (Dr.Web) | Java/TrojanDownloader.Agent.NBN (ESET) | Trojan-Downloader.Java.Agent (Ikarus) | Downloader-BCS (McAfee) | Java/Downloader.XMX (Panda) | Troj/CLsldr-AF (Sophos) | Trojan-Downloader.Java.Agent.au (Sunbelt Software) | JAVA_DLOADER.ZCC (Trend Micro).

Symptoms : The presence of the following files in your system:
1> Inicio.class  2> Connect4Kernel.class  3>  Connect4.class

 

 

2>> Trojan.Wimad.Gen.1


This Trojan pretends to be a normal .wma audio file, albeit one that can only be played after installing a special codec/decoder on Windows systems. If the user runs the file, the attacker can install malware of any kind on the user’s system. The infected audio file is mainly distributed via P2P networks.

 

Aliases : ASF/Wimad!generic (CA) | Trojan-Downloader.WMA.GetCodec.r (Kaspersky) | Mal/ASFDldr-A (Sophos) | Trojan.Wimad.Gen.1 (BitDefender) | WMA/TrojanDownloader.GetCodec.Gen (ESET).

Symptoms : Alert notifications from installed antivirus software may be the only symptom.

 

 

3>> Gen:Variant.Adware.Hotbar.1

This adware is generally secretly installed, as part of free software packages from programs such as VLC, XviD, etc., which are downloaded from sources other than the provider. The supposed sponsors of the current software version are ‘Clickpotato’ and ‘Hotbar’. All packages are digitally signed by “Pinball Corporation” and the adware is automatically launched every time Windows is started, integrating itself as a systray icon.

 

Aliases : Not Available

Symptoms : Alert notifications from installed antivirus software may be the only symptom.

 

 

4>> Worm.Autorun.VHG


This malware is a self-propagating program that can spread from one computer to another. It uses the autorun.inf function in Windows operating systems to distribute itself via removable storage devices such as USB sticks or portable hard drives. It may also send itself as an attachment to an email or an instant message, or send a link to a copy of itself in the body of a message. It is an Internet and network worm and exploits the CVE-2008-4250 vulnerability.

 

Aliases : WORM_SDBOT.AKI (Trend Micro) | Worm.Win32.AutoRun.vhg (Kaspersky) | W32/SdBot-DOE (Sophos) | W32.IRCBot (Symantec).

Symptoms : The following system changes may indicate the presence of this malware:
Presence of the following file/s:
c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\desktop.ini
c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

The presence of the following registry modifications :
Adds value: StubPath
With data: “c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe”
To subkey: HKLM\Software\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}

 

 

5>> Java.Trojan.Downloader.OpenConnection.AI

This Trojan downloader is contained in manipulated Java applets found on websites and allows the downloading and execution of arbitrary files. These files can be any type of malware. The downloader uses the CVE-2010-0840 vulnerability to escape the Java sandbox. It’s fifth in the list of Top 10 Computer Malwares of the World 2011.

 

Aliases : Trojan-Downloader.Java.Agent.hx (Kaspersky) | Java.Trojan.Downloader.OpenConnection.AM (BitDefender) | Java/SillyDlJava.AJ (CA) | Java.Downloader.123 (Dr.Web) | Trojan.Java.Agent.db (Sunbelt Software).

Symptoms : The following system changes may indicate the presence of this malware:
The presence of the following files:
1> a.class 2> a$1.class 3> b.class 4> KAVS.class

 

 

6>> Trojan.AutorunINF.Gen

This is a detection for ‘autorun.inf’ files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, these worms also create a file named ‘autorun.inf’ in the root of the targeted drive. The ‘autorun.inf’ file contains execution instructions for the operating system which are invoked when the drive is viewed using Windows Explorer, thus executing the copy of the worm. It should be noted that ‘autorun.inf’ files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs. Trojan.AutorunINF.Gen is sixth in the list of Top 10 Computer Malwares of the World 2011.

 

Aliases : INF/Frethog (CA) | Worm.Win32.AutoRun.rja (Kaspersky) | Mal/AutoInf-B (Sophos) | INF.Autorun.Gen (VirusBuster) | Trojan.AutorunINF.Gen (BitDefender).

Symptoms : Presence of “autorun.inf” file in root of fixed or removable drives pointing to various suspect executables.
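Since an ‘autorun.inf’ file alone proves nothing, the useful check is what its commands point to. The following triage script is an added example, not G Data's or Microsoft's code; the folder heuristic and the padding check are assumptions chosen for illustration, and both sample files are constructed.

```python
import re

# Keys under [autorun] whose value is a command Windows may launch for the drive.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Folder names that mimic the Recycle Bin layout: RECYCLER, RECYCLED or a
# SID-shaped directory (heuristic chosen for this example, not a vendor rule).
HIDING_DIR = re.compile(r"(^|\\)(recycler|recycled|s-1-5-21-[\d-]+)(\\|$)", re.I)


def parse_autorun(text):
    """Return (commands, junk): command values in [autorun] and the number
    of lines that are neither comments, section headers nor key=value."""
    commands, junk, in_autorun = [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if not sep:
            junk += 1  # padding lines: unusual on installer media
        elif in_autorun and COMMAND_KEY.match(key.strip()):
            commands.append(value.strip().strip('"'))
    return commands, junk


def triage(text):
    """Return (code, detail) findings; an empty list means nothing stood out."""
    commands, junk = parse_autorun(text)
    findings = [("hidden-folder", c) for c in commands if HIDING_DIR.search(c)]
    if junk and commands:
        findings.append(("padding", str(junk)))
    return findings


# Constructed samples (not taken from any real drive).
LEGIT = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\nlabel=Installer\n"
SID_DIR = r"system\s-1-5-21-0000000000-0000000000-0000000000-1000"
SUSPECT = "\r\n".join([
    "[AutoRun]", "qz81kdfj39", "; filler",
    "open=" + SID_DIR + r"\system32.exe",
    r"shell\open\command=" + SID_DIR + r"\system32.exe",
])

if __name__ == "__main__":
    for name, sample in (("LEGIT", LEGIT), ("SUSPECT", SUSPECT)):
        print(name, triage(sample))
```

An empty result is not a clean bill of health; it only means the file does not match these two heuristics.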

 

 

7>> Java.Trojan.Downloader.OpenConnection.AN

This Trojan downloader is contained within manipulated Java applets found on websites. When the applet is downloaded, a URL is generated from the applet parameters, which the hacker uses to upload a malicious executable file onto the user’s computer and run it. The downloader exploits the CVE-2010-0840 security hole.

 

Aliases ( other names of the same malware) : Trojan-Downloader.Java.Agent.au (Kaspersky) | JAVA/DLoader.A (Norman) | Java/ClassLoader (AVG) | JAVA/Dldr.Agent.D (Avira) | Java.Trojan.Downloader.OpenConnection.C (BitDefender) | Java.Downloader.17 (Dr.Web) | Java/TrojanDownloader.Agent.NBN (ESET) | Trojan-Downloader.Java.Agent (Ikarus) | Downloader-BCS (McAfee) | Java/Downloader.XMX (Panda) | Troj/CLsldr-AF (Sophos) | Trojan-Downloader.Java.Agent.au (Sunbelt Software) | JAVA_DLOADER.ZCC (Trend Micro).

Symptoms : The presence of the following files in your system:
1> Inicio.class  2> Connect4Kernel.class  3>  Connect4.class
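
The class-file symptoms listed for entries 1, 5 and 7 can be checked against applet archives on disk. The script below is an added example, not G Data's tooling; `scan_tree` and `build_jar` are hypothetical helper names, and the test archive is constructed in memory. It reports a match only when a whole set is present, because names such as a.class also occur in harmless obfuscated applets.

```python
import io
import os
import zipfile

# Class-file sets from the "Symptoms" lines on this page, keyed by detection name.
INDICATOR_SETS = {
    "Java.Trojan.Downloader.OpenConnection.AO/AN":
        {"Inicio.class", "Connect4Kernel.class", "Connect4.class"},
    "Java.Trojan.Downloader.OpenConnection.AI":
        {"a.class", "a$1.class", "b.class", "KAVS.class"},
}


def class_names(jar_bytes):
    """Base names of .class entries in a JAR (ZIP); empty set if not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            return {n.rsplit("/", 1)[-1] for n in jar.namelist()
                    if n.endswith(".class")}
    except zipfile.BadZipFile:
        return set()


def match_sets(jar_bytes):
    """Detection names whose entire class set is present in the archive."""
    present = class_names(jar_bytes)
    return sorted(k for k, wanted in INDICATOR_SETS.items() if wanted <= present)


def scan_tree(root):
    """Map file path -> matched detection names for every archive under root.
    Content is sniffed rather than trusting the extension (assumption: cached
    applets may be stored without a .jar suffix)."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    found = match_sets(fh.read())
            except OSError:
                continue
            if found:
                hits[path] = found
    return hits


def build_jar(names):
    """Constructed test input: an in-memory JAR with empty entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for n in names:
            jar.writestr(n, b"")
    return buf.getvalue()
```

Point `scan_tree` at the Java plug-in cache directory or a browser download folder; a hit is a reason to submit the file to an antivirus scanner, not a verdict.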

 

 

8>> Java:Agent-DU [Expl]


This Java-based malware program is a download applet that tries to use a security hole (CVE-2010-0840) to avoid the sandbox protection mechanism and download additional malware onto the computer. Once the applet has fooled the sandbox, it can directly download and run .exe files. This is something that a simple applet cannot do, as the Java sandbox prevents it from doing so.

 

Aliases : Not Available.

Symptoms : Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.

 

 

9>>  Trojan.FakeAlert.CJM


This malware program tries to tempt computer users into downloading fake antivirus software that is actually the FakeAV program. In doing so, the website imitates the user’s Windows Explorer and indicates that there are many alleged infections. As soon as the user clicks something on the website, a downloadable file is offered that contains the actual FakeAV program, e.g. a variant of System Tool.

 

Aliases : Trojan-Downloader.Win32.FraudLoad.axa | Program:Win32/Antivirus2008 | Trojan.FakeAlert.701.

Symptoms : Pop up balloon warning messages claiming that your PC is infected.

  • “Critical System Error”,
  • “Your computer is infected”

 

10>> HTML:Downloader-AU [Expl]

This Java-based malware is an applet that downloads an HTML page. This primed HTML site tries to use a security hole (described in CVE-2010-4452) to download a Java class from a URL to the vulnerable Java VM. The attacker uses this to try and bypass the VM protection mechanisms, thereby creating a way to carry out almost any kind of activity on the computer. It’s last in the list of Top 10 Computer Malwares of the World 2011 and is a new entry too.

 

Aliases : Exploit.HTML.CVE-2010-4452.p (Kaspersky) | Exploit.HTML.CVE-2010 (Ikarus).

Symptoms : There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

 

 

Simple steps to help you prevent infection on your computer:

  • Enable a firewall on your computer.
  • Get the latest computer updates for all your installed software.
  • Use up-to-date antivirus software.
  • Limit user privileges on the computer.
  • Use caution when opening attachments and accepting file transfers.
  • Use caution when clicking on links to webpages.
  • Avoid downloading pirated software.
  • Protect yourself against social engineering attacks.
  • Use strong passwords.

 

Thanks to Gdatasoftware and Microsoft.



3 Comments to Beware of these Top 10 Computer Malwares of the World 2011| Are you a victim already ?

  1. Hi there, I’m new to blogging and websites in general and was wondering how you got the “www” included in your web address name? I see your web address, “http://www.technojourney.com/trending/beware-top-computer-malwares-world-2011-are-you-victim-already/” has the www and my web address looks like, “http://mydomain.com”. Do you know the simplest way I can change this? I’m using WordPress. Thanks a ton

  2. Hiya. I noticed your website title, “Beware of these Top 10 Computer Malwares of the World” doesn’t really reflect the content of your web-site. it makes sense
