![]() These scripts then seek out various Trojan-Downloaders on the Internet which they install and then these in turn download and run lots of other malicious programs. The exploits themselves are PDF documents containing scenarios in JavaScript. The vulnerabilities that these three PDF exploits use are relatively old and were detected back in 2009. The total amount of attempted downloads of the three exploit variants in 1st, 3rd and 16th places exceeded 350,000 in all.Īmong the newcomers in April were three exploits (2nd, 10th, and 13th places) that target vulnerabilities in Adobe Reader and Acrobat. It looks as if the main aim for cybercriminals using the CVE-2010-0806 exploit during April was the theft of confidential data from users with accounts for popular online games. These Trojans then download other malicious programs to the infected machines – usually various modifications of, and. The exploit usually imports small downloader programs such as members of the, ,, and families to victims’ computers. The rapid spread of the CVE-2010-0806 exploit this month means it claimed top spot in our second rating. It remains to be seen when the next epidemic will strike, or if there will even be one, but we’ll be keeping an eye on developments. This should act as a warning sign, because this is typical of Gumblar.x’s behavior and is reminiscent of events back in February. Like previous Gumblar epidemics, this one exploded onto the scene, peaked in February when over 450,000 websites were infected by Gumblar, and disappeared just as quickly as it came two months later. The leader for the last two months running, Gumblar.x, is nowhere to be seen in the April Top Twenty after its activity fell off sharply. In contrast to our first Top Twenty, this rating is far more volatile. This ranking includes malicious programs detected on web pages and malware downloaded to victim machines from web pages. The second Top Twenty presents data generated by the web antivirus component, and reflects the online threat landscape. Over the past three months it has climbed from 10th place to 6th and in April alone was neutralized on more than 70,000 computers. It’s also worth mentioning Virut.ce’s slow but steady rise towards the top five. ![]() We’ll discuss the rapid rise of the CVE-2010-0806 exploit in more detail below. In April two variants of the exploit were neutralized on more than 110,000 computers. In March the number of unique downloads of the CVE-2010-0806 exploit had already reached the 200,000 mark. ![]() Since then, it has been actively used by cybercriminals who spotted a description of it that went into rather too much detail. To recap, the exploit is for a vulnerability that was detected in Internet Explorer back in March. The two new Trojans in this ratings list are components of one of the CVE-2010-0806 exploit variants. The part of the code to be downloaded last is the part that unpacks and launches the exploit. When an infected page is opened in the browser, the component parts of the exploit download in a particular order. The exploit itself is usually encrypted or obfuscated and broken up into several parts. Two of them (7th and 12th places) are variants of the CVE-2010-0806 exploit which we mentioned last month, while the other two (14th and 18th places) are Trojans that turned out to be directly connected to the CVE-2010-0806 exploit. The list of the twenty most frequently occurring malicious programs detected on users’ computers traditionally remains fairly stable, so it comes as no surprise that Kido and Sality continue to occupy the top two places.Īpril saw four new entries.
0 Comments
Leave a Reply. |