Bitdefender Weekly Review

abereczki
edited May 2008 in News



BitDefender weekly review


In the past weeks not much has changed in the top 3 places of the malware scene. As named by our researchers, Trojan.Clicker.CM, Trojan.Downloader.WMA.Wimad.N and Application.JS.ForcePopup.I are still ruling the charts. Let's take a look at these three naggers: what makes them tick, and why they are spreading like the plague.


Trojan.Clicker.CM


Looks like this fellow has the ability to detect the Google Toolbar and bypass Norton Internet Security's pop-up blocker in order to show pop-ups with advertisements. It is a JavaScript inserted in websites, so in order to avoid it you could try finding the information you were looking for in other places. It is clear that having pop-ups show up all of a sudden, with irrelevant content, while browsing certain web pages is extremely annoying.


Details: http://www.bitdefender.com/VIRUS-1000137-e...Clicker.CM.html


Trojan.Downloader.WMA.Wimad.N


Due to the misconception that malware is supposed to be an executable file, this trojan spreads easily, misleading users by claiming that their applications are unable to play back the content they're trying to view. It opens a browser window to http://fa[deleted]er.com and tries to get a file that's detected as Adware.PlayMp3z.A, an application that is meant to take personal information from the client's computer and use it in marketing or suspicious practices. You can find more information about it here: http://www.bitdefender.ro/VIRUS-1000279-ro...PlayMp3z.A.html


Details: http://www.bitdefender.com/VIRUS-1000277-e...MA.Wimad.N.html


Application.JS.ForcePopup.I


This is a specially crafted JavaScript that bypasses most common pop-up blockers in order to display advertisements. It also uses cookies to track this activity.


Details: http://www.bitdefender.com/VIRUS-1000115-e...rcePopup.I.html




The remaining 7 places are taken by two entries of the Zlob trojan, Trojan.FakeAlert.PP, a variation of the NSAnti malware packer and some other malware.


HTML.Zlob, which makes use of an ActiveX exploit to trick users into installing a file (sometimes a BHO - Browser Helper Object*, sometimes an executable) and serves users with unwanted ads, has dropped 3 places, from 5 to 8, with Trojan.HTML.Zlob.W; Trojan.HTML.Zlob.AA, however, rose 2 places, from 7 to 5.


Details: http://www.bitdefender.com/VIRUS-1000263-e...TML.Zlob.W.html


http://www.bitdefender.com/VIRUS-1000278-e...ML.Zlob.AA.html


Trojan.FakeAlert.PP, which nags users with fake infection alerts in order to make them install a rogue antivirus program called "XPAntivirus", dropped from 6 to 7.


Packer.Malware.NSAnti.AD dropped from 8 to 10; it seems its popularity diminished quickly after conquering the top places of our charts. Programs are usually packed with it to avoid detection by antivirus programs. This specific packer has been used exclusively to pack online game password stealing trojans, so dear MMO** game players, take care what hacks you're downloading. Instead of giving you additional speed they might relieve you of your account.


Details: http://www.bitdefender.com/VIRUS-1000256-e...e.NSAnti.K.html


*BHO - Browser Helper Object is a DLL module designed as a plugin for Microsoft's Internet Explorer web browser to provide added functionality. You can find more about it at http://en.wikipedia.org/wiki/Browser_Helper_Object


**MMO - Massive Multiplayer Online - a type of game, played only online with hundreds, maybe thousands of players worldwide