Towards the close of 2014, the spread of malware in Indonesia is still dominated by four large microbots like an overwhelming number of computer users threaten Indonesia.
In addition to four of the Trojans, Adware, Exploit and Worm. Specifically in the category of Adware, recorded six dominant adware which controls more than 75% of adware infections, reminiscent of Baymax and 5 other Marvel hero who joined the Big Hero 6.
In October 2014, there were a malware infection that is quite dominant and could even beat Exploit and Worm. Malware is Sality which alone beat Worm and Exploit.
For details of malware that infects Indonesia in October 2014 can be found in the description and figure 1 below:
Figure 1, Malware Statistics Indonesia, 2014
Trojan 42,5 %
Trojans managed to control nearly 50% of malware infections in Indonesia in October 2014 and this action led by Trojan.Crypt.HO and JS.Runner.BH are responsible for 44% and 32% of the total Trojan infection. While ranked 3-5 were occupied by Trojan Autorun (2.7%), dropper (3.66%) and Trojan.LNK (8.02%) were responsible for much of spreading malware Shortcut in Indonesia.
For information, Trojan.Crypt.HO are brothers and both this malware Sality support each other. The high spread of Trojan.Crypt.HO will directly lead to high deployment Sality. This is evident from the statistics malware months in October 2014 where malware Sality successfully ranked third beat Exploit and Worm.
While JS.Runner.BH is a dangerous trojan which focuses himself to steal secret data is a victim computer. JS.Runner.BH infection usually occurs from bundling with programs on crack and torrent. JS.Runner also will download other malware and activate it, but that he would open security of computer operating system in the infection. In many cases, the infected programs JS.Runner will experience performance degradation becomes very slow due to malware is spending too much computer resources. The bad news, JS.Runner.BH hard to kill, because it modifies the registry and disguised as a legitimate Windows file system. Whenever in the clear, he will come back and back again. For a complete dafatr detected Trojan can be seen in Table 1 below.
Table 1, which infects the Top Trojan Indonesia in October 2014
Adware 24,7 %
If the Trojans dominated by two types Crypt and JS.Runner which controls 76% of the total Trojan infection, then Adware have a spread more evenly. Like a Big Hero 6, it took 6 names to dominate 74% of adware adware infection in October 2014. The six names are BrowseFox (34.81%), which controls 12.04% Adware.Graftor, Swiftbrowse (9.06%) , Search Protect, Browsefox.H and Relevant Knowledge.
Browsefox began detected carry out the action in mid-2014 and included into the PUP (Potentially Unwanted Programs) aka actual unwanted programs and in a way that sometimes tricky installs itself on the victim computer along with other popular programs are usually free from Brothersoft, Softonic and Cnet (download .com). In many cases PUP actually made by the authorized software company but has a low concern for the security and convenience of computer users and is only concerned with corporate profits above all else.
Adware.Graftor as Browsefox also installed along with other freeware and in many cases berbentul Add On a browser or additional toolbar to the browser. Please be careful to add a new toolbar or add on your browser in order to avoid the Adware infections. For a complete list Adware infecting Indonesia in October 2014 can be seen in Table 2 below.
Tabel 2, Top 10 Adware Indonesia Oktober 2014
After adware, Win32 / Sality is the only single malware capable ranks third with infection as much as 9.1% as most malware stopped by G Data. If successful menginfekis your system, Sality will run payloadnya spamming action to harvest email addresses from Outlook and Internet Explorer cached. He has the ability to penetrate the Windows Firewall protection and avoid blocking antispam company in carrying out the action.
Exploit 6,7 %
Just like the previous period, the exploitation of the most widely exploited CVE-2010-2568 is (81.30%) and CVE-2011-0979 (see table 3 below:
Table 3, the most widely Exploit stopped by G Data with anti Exploit
Security loopholes are imperfections or errors in programming (bugs) in all man-made software such as Microsoft Windows, Linux, MS Office, Adobe Acrobat, Java, Browse (IE, Chrome, Firefox etc), OpenSSL, Squid, and so on are usually unconscious / unintentional. This bug can cause system instability, crashes or system can be accessed / controlled by other people who are not eligible. Security loopholes always found every day and there is no way to avoid the threat of exploitation of this vulnerability in addition to the patch (patch) as you do every day to update the software. Security holes are cross platform and not just one particular operating system monopoly. In fact, in the case of popular applications such as Acrobat Reader or Java are very popular and used a variety of operating systems enable the exploitation of a cross on the operating system on which the application containing the security loopholes in installed. Therefore, it is very important to have adequate protection against exploitation of security holes in your system to always do a software update to get the latest on vulnerability patches. If possible and you have the funds, make sure you have an antivirus program has protection against exploits a security hole in order to maximize the protection of your system. Active protection against this exploit is very important because the system contains vulnerabilities that have not been patched (patch) will be infected by malware that exploits a security hole EVEN proficiency level the system is protected with updated antivirus program. So exploit security holes can bypass the protection afforded by antivirus programs.
The two exploits vulnerabilities that most Anti Exploit stopped Gdata with this is:
- CVE-2010-2568 is a real security hole LNK.Shorcut more than 4 years old but is still included in the most security holes in exploitation (81.30%), security hole is a favorite because it can be exploited to control a lot of OS Microsoft Windows workstations and servers well as Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, Windows 7 that allows the attacker to control the victim's computer with .LNK file or shortcut PIF files that have been prepared in advance . This security hole is also diekslpoitasi by Stuxnet via CVE-2010-2772 on Siemens WinCC SCADA system.
- CVE-2011-0979 adalah celah keamanan pada Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, Office 2004, 2010, 2008 in 2011 for Mac, Open XML File Format Converter for Mac in Excel Viewer SP2. Celah keamanan united memungkinkan penyerang menjalankan program komputer yang lain guna menguasai memiliki celah keamanan united. Pada bulan October 2014, celah keamanan united menempati Nomor 2 said Bawah .LNK Shortcut draining tingkat eksploitasi sebanyak 17,89%
Worm
What is the difference worm with a virus? Definitively, worms and viruses are greeting both belong to the class of malware. But if the virus to spread itself usually requires the help of a third party, because it usually he would disguise himself as folders, JPEG files, MS Office and other files of interest. Worm has different skills that he does not need the help of a third party to infect your computer and automatically be able to infect all the computers in the network. The condition is that the infected computer has a vulnerability (vulnerability) that would exploit to run itself automatically. 2 worm most bnayak stopped by G Data is downadup (69.7%) and LNK.Runner (18.08). Downadup is long malware malware that could be number 1 in Indonesia for months. This malware has another name that may be you know, Conficker. Conficker has the ability to infect computers in the network, especially those that have the MS08-067 security holes found in Windows 2000, XP, Vista, Server 2003 and Server 2008. For those of you who want to avoid the action of Conficker, please do patching security holes mentioned above. Besides Conficker and LNK.Runner that exploit security holes shortcut, Vaksincom noted VBS malware action Dunihi, Beagle, Nimda and Palevo as in Table 4 below.
Table 4, Worm most widely discontinued in October 2014
In addition to malware-malware mentioned above, recorded zusy, Buzy, Virtob, Autorun and Trojan dropper that dominate the spread of malware in Indonesia in October 2014. The full list of malware that infects Indonesian statistics and stopped by G Data Antivirus Enterprise can be viewed at Table 5 below.
Table 5, Malware Top Indonesia Oktober 2014
Author: Alfons Tanujaya
Sumber : http://vaksin.com/, 10 November 2014.