Monthly Threat Report: January 2017


The Top Ten Threats

1. Win32/TrojanDownloader.Wauchos
Previous Ranking: 2
Percentage Detected: 5.86%

This is a Trojan which tries to download other malware from the Internet. It collects information about the operating system, including settings and the computer’s IP address. Then, it attempts to send the information it has gathered to a remote machine. It can download files from a remote computer and/or the Internet, run executable files, create Registry entries and remove itself from the infected computer.

2. JS/ProxyChanger
Previous Ranking: N/A
Percentage Detected: 3.62%

JS/ProxyChanger is a Trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.

3. Win64/TrojanDownloader.Wauchos
Previous Ranking: 5
Percentage Detected: 2.86%

This is a Trojan which tries to download other malware from the Internet. It collects information about the operating system, settings and the computer’s IP address. Then, it attempts to send gathered information to a remote machine. It can download files from a remote computer and/or the Internet, run executable files, create Registry entries and remove itself from the infected computer.

4. LNK/Agent.DA
Previous Ranking: 3
Percentage Detected: 2.77%

LNK/Agent.DA is the detection name for a *.lnk file that executes the Trojan Win32/Bundpil.DF. The LNK file is part of a Bundpil attack and is created on removable drives with the special name “%drive_name% (%drive_size%GB).lnk”, so that users take it for a link to the drive’s contents. It actually points to %system32%\rundll32.exe with a Bundpil DLL component as a parameter.
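To make that lure concrete, the following is an added example (not ESET’s code and not taken from any Bundpil sample) that parses the StringData fields of a Shell Link file according to the MS-SHLLINK layout and flags shortcuts whose file name mimics the host drive and whose target runs a DLL through rundll32.exe. The sample shortcut, the volume label KINGSTON, the 16 GB size and the DLL name lure.dll are all constructed for the demonstration; the minimal writer stores the target in RELATIVE_PATH for simplicity, whereas real shortcuts usually carry it in the IDList, which the parser skips and the raw-scan fallback covers.

```python
"""Detect Bundpil-style lure shortcuts on removable drives (added example).

The .lnk layout follows the MS-SHLLINK specification; the sample shortcut is
constructed here with build_lnk() and is not a real Bundpil file.
"""
import re
import struct

# Constants from MS-SHLLINK: header size, LinkCLSID and LinkFlags bits.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C
HAS_TARGET_IDLIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80


def build_lnk(relative_path, arguments, id_list=b""):
    """Construct a minimal Unicode .lnk (test data only): header, optional IDList,
    then the RELATIVE_PATH and COMMAND_LINE_ARGUMENTS StringData fields."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    if id_list:
        flags |= HAS_TARGET_IDLIST
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, timestamps, reserved

    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = struct.pack("<H", len(id_list)) + id_list if id_list else b""
    return header + body + string_data(relative_path) + string_data(arguments)


def parse_lnk(data):
    """Return the StringData fields of a .lnk as a dict; IDList, LinkInfo and
    ExtraData are skipped, not decoded."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_TARGET_IDLIST:          # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:              # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:             # CountCharacters is in UTF-16 code units
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


# File-name pattern from the report: "%drive_name% (%drive_size%GB).lnk".
LURE_NAME = re.compile(r"^(?P<label>.+) \((?P<size>\d+)GB\)\.lnk$", re.IGNORECASE)


def _mentions(data, needle):
    """Case-insensitive search for an ASCII needle in ANSI or UTF-16LE form."""
    lowered = data.lower()
    return needle.encode() in lowered or needle.encode("utf-16-le") in lowered


def is_bundpil_lure(filename, data, volume_label, volume_size_gb):
    """True when the shortcut name mimics its host drive and the target runs a
    DLL via rundll32.exe."""
    m = LURE_NAME.match(filename)
    if not m or m.group("label") != volume_label or int(m.group("size")) != volume_size_gb:
        return False
    fields = parse_lnk(data)
    target = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    if "rundll32" in target and ".dll" in target:
        return True
    # Real shortcuts usually keep the target only in the IDList/LinkInfo, which
    # parse_lnk skips, so fall back to a raw scan of the whole file.
    return _mentions(data, "rundll32") and _mentions(data, ".dll")


if __name__ == "__main__":
    # Constructed sample: hypothetical label KINGSTON, 16 GB, DLL name lure.dll.
    lure = build_lnk(r"..\Windows\System32\rundll32.exe", r".\lure.dll,Start")
    print(parse_lnk(lure))
    print(is_bundpil_lure("KINGSTON (16GB).lnk", lure, "KINGSTON", 16))
    benign = build_lnk(r"..\Windows\System32\notepad.exe", "")
    print(is_bundpil_lure("KINGSTON (16GB).lnk", benign, "KINGSTON", 16))
```

In practice you would run `is_bundpil_lure` over every *.lnk in the root of a newly inserted removable drive, passing the drive’s volume label and rounded size; the name check alone is not enough, since a legitimate shortcut could carry such a name, which is why the target must also resolve to rundll32.exe loading a DLL.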

5. Win32/Bundpil
Previous Ranking: 4
Percentage Detected: 2.57%

Win32/Bundpil is a worm that spreads via removable media. The worm contains a URL from which it tries to download several files. The files are then executed, and HTTP is used to communicate with the command and control (C&C) server to receive new commands. The worm may delete files matching the following name patterns:
*.exe
*.vbs
*.pif
*.cmd
*Backup

6. JS/Danger.ScriptAttachment
Previous Ranking: 1
Percentage Detected: 2.34%

JS/Danger.ScriptAttachment is a generic detection of suspicious e-mail attachments.

7. HTML/FakeAlert
Previous Ranking: 6
Percentage Detected: 2.30%

HTML/FakeAlert is a generic detection name for an HTML page showing a made-up, fake alert message, usually about a fictional virus infection or some other problem that supposedly threatens the computer or the user’s data. The user is usually urged to contact a fake technical support hotline or to download and execute a fake security solution from the Internet to prevent “damage”. This kind of page is usually used as the starting point for ‘Support Scams’.

8. Win32/Adware.ELEX
Previous Ranking: N/A
Percentage Detected: 1.37%

Win32/Adware.ELEX is an application designed to deliver unsolicited advertisements to an affected computer. Usually, it alters the behavior (settings) of an Internet browser; for example, the adware sets its own “homepage”, and restoring the original value is no easy task because the adware, or one of its components, protects that setting. The adware then displays small windows with advertisements within the browser.

9. HTML/Refresh
Previous Ranking: 7
Percentage Detected: 1.25%

HTML/Refresh is a Trojan that redirects the browser to a specific URL serving malicious software. The malicious program code is usually embedded in HTML pages.

10. Win32/Agent.XWT
Previous Ranking: N/A
Percentage Detected: 1.18%

Win32/Agent.XWT is a Trojan that serves as a backdoor. It can be remotely controlled and is usually part of other malware. It collects the operating system version and language settings, then attempts to send the gathered data to a remote machine using HTTP.

