 
In August 2008, malicious codes disguised as fake vaccines are spreading
2008-09-22
 

These are the Top 10 most damaging malicious codes as of August 2008. The Top 10 accounted for 378 reported cases, or 11.1% of all cases reported in August (3,396), down from 849 cases (13.6%) in July. Within the Top 10, Win-Trojan/Fakeav.94208, Win-Trojan/Downloader.61440.CP and Win-Trojan/Bho.118784.O each account for 15~24% and together make up more than half, while most of the remaining malicious codes account for less than 10% each. Among the Top 10 malicious codes, those ranked No. 1, 2 and 3 were more damaging in August.

 

Ranking    Malicious Code Name               Cases   %
1 (new)    Win-Trojan/Fakeav.94208           90      23.8%
2 (new)    Win-Trojan/Downloader.61440.CP    89      23.5%
3 (new)    Win-Trojan/Bho.118784.O           58      15.3%
4 (new)    Win-Trojan/FindVM.32759           25      6.6%
5 (new)    Win-Trojan/Virtumod.118784        22      5.8%
6 (new)    Win-Trojan/Agent.74752.AF         21      5.6%
7 (new)    Win-Trojan/WowHack.18432.Q        19      5.0%
8 (new)    Win-Trojan/Proxy.50176.B          18      4.8%
9 (new)    Win-Trojan/Agent.6144.HK          18      4.8%
10 (new)   Win-Trojan/Agent.517632.E         18      4.8%
Total                                        378     100.0%

 

What is particularly noteworthy is that malicious codes disguised as fake vaccines were ranked No. 1. Fake vaccines used to be classified and diagnosed mostly as spyware, but some have recently been found to behave like malicious codes, i.e. using a rootkit to hide themselves after installation and sending spam mail for advertising.

Most of these fake vaccines are foreign programs. They show fake diagnosis results and induce users to make a payment, but no actual financial damage has been reported, owing to payment methods and language problems. However, frequent exposure to fake infection warning windows and fake diagnosis windows is causing PC users a great deal of inconvenience, thereby greatly increasing the number of reported cases of damage.

Fake vaccines are mostly distributed via e-mail, which is a widely known technique, but because the technique is becoming more sophisticated day after day, a great deal of attention is needed. Such an e-mail uses as its sender address an address in a well-known domain, such as that of a large software maker, contains seemingly relevant content, and hides a file download link (URL) in the main text rather than in an attached file. Accordingly, it is very difficult for ordinary users who receive this e-mail to tell, from its content alone, whether it is spam mail distributing malicious programs. However, a close look at the file download link (URL) contained in the mail will reveal that it points to a site not related to the sender or to a suspicious site. In this case it is advisable never to download and execute the file, but to delete the e-mail instead. Even when no spam mail is involved, whenever you download a file from the web you must always check the URL of the site where the file is located.
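The link check described above can be automated. The following Python function is an added example, not part of the original article: it compares the host of every link in the message body with the domain of the From address and flags direct links to executable files. The sample message, its domains, the extension list and the two-label domain comparison are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Extensions that run code when opened on Windows (list chosen for this example).
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Security Update" <update@bigsoftware.example>
Subject: Critical security update
Content-Type: text/plain; charset=utf-8

A new threat was found. Read the advisory at http://www.bigsoftware.example/advisory
and install the scanner now: http://downloads.free-scan.example/setup/antivirus2008.exe
"""

def base_domain(host):
    # Naive registrable domain (last two labels). A production check should
    # use the Public Suffix List so that suffixes such as co.kr are handled.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_links(raw_message):
    """Return (url, reasons) for each body link that looks unrelated or risky."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = base_domain(sender.rpartition("@")[2])
    body = "".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    findings = []
    for url in dict.fromkeys(URL_RE.findall(body)):  # de-duplicate, keep order
        parsed = urlparse(url)
        host = parsed.hostname or ""
        reasons = []
        if re.fullmatch(r"[\d.]+", host):
            reasons.append("host is a raw IP address")
        elif base_domain(host) != sender_domain:
            reasons.append(f"host {host} is unrelated to sender domain {sender_domain}")
        if parsed.path.lower().endswith(EXECUTABLE_EXT):
            reasons.append("links directly to an executable file")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in suspicious_links(SAMPLE):
        print(url, "->", "; ".join(reasons))
```

Because the From address itself can be forged, a link that matches the sender domain is not proof of legitimacy; the check only surfaces the mismatch the article tells readers to look for.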

 
