Kindsight s=Security released their first quarter reports on virus and malware (malicious software) for 2012. Not surprisingly the DNSChanger Virus still tops the charts of the most damaging malware (viruses that lead to identity theft, various cybercrime, and other online attacks). Despite the criminal’s servers responsible for the DNSChanger virus being shut down in 2011, the threat still remains prevalent and is currently infecting 1 out of 400 households according to Kindsight. This means that in July, when the FBI shuts down their safe severs that thousands are likely to lose connection to the internet. If you have not heard about the DNSchanger virus you can read our full article on it here. Many need to remove the DNSchanger virus before July this year to avoid internet loss.
Top 5 threats on the net
In Kindsights statement they indicated that the main source of new computer infections, viruses, and malware attacks were through email. That a victim would receive an email from some type of service or governing body indicating there was something wrong with their accounts. The user would then follow the link to the fake website and their computer would be attacked by several different malwares. First to exploit security holes in their computer, then once accessed a rootkit virus to gain administration rights and finally install dozens of other computer viruses and malware into the victims computer.
Despite the DNSChanger virus no longer being in the top five home computer virus infections, it did come in close at number 6 which is surprising that it is still so proliferate in home networks after the media and ISP’s have been taking steps to notify the public of the threat of both the virus and the loss of internet access.
Top 5 home network infections
- Win32.Trojan.NineBall / Gumblar / DNSChanger
Recent email phishing filter tactics
- IRS Appeals
- UPS delivery confirmation
- Scanned documents
- Flight tickets
- Credit Card issues
- Better Business Bureau (BBB) complaints
- ACH (Automated Clearing House) wire transfer problems
- Inter-company invoices
- Helicopter ride orders
NineBall/Gumblar/DNSChanger: A Trojan that can affect personal computers, network devices, and computers on a network. It used to redirect users to fake websites in the attempt to generate fraudulent ad revenue, sell fake services, or to steal personal financial information.
Alureon/TDL/TDSS: This was used as a major part of the DNSChanger infection. Alureon is a rootkit type Trojan virus. Rootkits attempt to gain administrative access to a victim’s computer system so that it may disable security features and further infect the system.
ZeroAccess: This virus is simply here to help other malware, viruses, spyware, and adware distribute. This means once it infects your computer ZeroAccess starts installing everything it can. Most of the cybercrime associated with this virus is click fraud.
Zeus & SpyEye: This is the most prevalent banking fraud virus and malware. It usually installs when a user clicks on an emailed phishing scam email that then directs them to a website infected with an exploit kit.
BlackHole: This is a in the family of malware and computer viruses known as exploit kits. As the name implies this virus will scan and probe the victim’s computer for security holes in applications, software, browsers, and add-ons. After the security has been successfully breached and a hole is created it will proceed with a rootkit to take over the machine.