Top 10 Latest Viruses
Group 5 Newton
Exploit.CVE-2011-3402.Gen
• This is a generic detection for malicious TTF (TrueType Font) files that exploit CVE-2011-3402, a vulnerability in the TrueType font parsing code of the Microsoft Windows kernel-mode driver win32k.sys.
• Successful exploitation lets an attacker execute code in kernel mode, with full system privileges, on the user's computer. The attacker then has complete access to the user's private data and installed programs and can install or run any malicious program.
Spreading: VERY LOW
Damage: LOW
Discovered: November 7, 2011
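Because the entry above is a generic detection rather than a signature for one sample, the first thing a practitioner does with a suspicious TTF is structural triage. The parser below is an added example for this page, not the deck's content or any vendor's detection code: it reads the sfnt table directory at the start of every TrueType file and flags tables that point outside the file, overlap one another, have zero length, or are out of the order the format requires, inconsistencies a well-formed font never has. It does not model the specific parsing bug behind CVE-2011-3402, and the sample bytes it checks are constructed here, not taken from a real font.

```python
import struct

# sfnt header: sfntVersion, numTables, searchRange, entrySelector, rangeShift
HEADER = struct.Struct(">IHHHH")
# table record: tag, checkSum, offset, length
RECORD = struct.Struct(">4sIII")
# 0x00010000 = TrueType outlines; 0x74727565 ('true') = Apple TrueType
SFNT_VERSIONS = {0x00010000, 0x74727565}


def parse_table_directory(data: bytes):
    """Return (sfntVersion, [(tag, offset, length), ...]) or raise ValueError."""
    if len(data) < HEADER.size:
        raise ValueError("file too short for sfnt header")
    version, num_tables, _, _, _ = HEADER.unpack_from(data, 0)
    need = HEADER.size + num_tables * RECORD.size
    if len(data) < need:
        raise ValueError(f"table directory truncated: need {need} bytes, have {len(data)}")
    records = []
    for i in range(num_tables):
        tag, _checksum, offset, length = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        records.append((tag.decode("latin-1"), offset, length))
    return version, records


def audit_font(data: bytes):
    """Structural sanity check of a TTF file; returns a list of findings (empty = sane)."""
    try:
        version, records = parse_table_directory(data)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if version not in SFNT_VERSIONS:
        findings.append(f"unexpected sfntVersion 0x{version:08x}")
    dir_end = HEADER.size + len(records) * RECORD.size
    file_end = len(data)
    spans = []
    for tag, offset, length in records:
        # A table whose [offset, offset+length) leaves the file is a classic
        # sign of a crafted font: a naive parser reads past its buffer.
        if offset < dir_end or offset + length > file_end:
            findings.append(f"table {tag!r} points outside file: offset={offset} length={length} file={file_end}")
        if length == 0:
            findings.append(f"table {tag!r} has zero length")
        spans.append((offset, offset + length, tag))
    tags = [r[0] for r in records]
    if tags != sorted(tags):
        findings.append("table records are not sorted by tag as the format requires")
    spans.sort()
    for (_, a_end, a_tag), (b_start, _, b_tag) in zip(spans, spans[1:]):
        if b_start < a_end:
            findings.append(f"tables {a_tag!r} and {b_tag!r} overlap")
    return findings


def build_font(tables):
    """Constructed helper (not a real font): assemble an sfnt file with a consistent directory."""
    dir_end = HEADER.size + len(tables) * RECORD.size
    header = HEADER.pack(0x00010000, len(tables), 0, 0, 0)  # search fields left 0 for brevity
    records, body, offset = [], b"", dir_end
    for tag, payload in tables:
        records.append(RECORD.pack(tag, 0, offset, len(payload)))
        padded = payload + b"\0" * (-len(payload) % 4)  # tables are 4-byte aligned
        body += padded
        offset += len(padded)
    return header + b"".join(records) + body


# Constructed samples: a structurally sane two-table font and a copy whose first
# record's length field has been overwritten with 0xFFFFFFFF.
SANE = build_font([(b"head", b"\0" * 54), (b"maxp", b"\0" * 32)])
_LENGTH_FIELD = HEADER.size + 12  # record 0: tag(4) + checkSum(4) + offset(4) precede length
TAMPERED = SANE[:_LENGTH_FIELD] + struct.pack(">I", 0xFFFFFFFF) + SANE[_LENGTH_FIELD + 4:]

if __name__ == "__main__":
    for name, blob in (("sane", SANE), ("tampered", TAMPERED), ("truncated", SANE[:20])):
        print(name, audit_font(blob) or "OK")
```

Run it against a real font with `audit_font(open(path, "rb").read())`; a clean font returns an empty list, and anything else is a reason to open the file in a hex editor before it ever reaches a font parser.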
Trojan.Ransom.IcePol (W32/Reveton; Trojan.Win32.Ransirac)
• To block access to the system, the Trojan adds itself to the Winlogon\Shell registry value in the Current User branch (HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon), replacing Windows Explorer as that user's shell, and denies the user access to Windows Explorer. The user is locked out, with no way to run an antivirus solution or a removal tool.
Spreading: MEDIUM
Damage: HIGH
Discovered: March 20, 2012
Trojan.Flame.A (SkyWiper)
• This is a multi-component malware toolkit used in targeted attacks. It can spy on the user, leak data, and download and execute other components.
Spreading: MEDIUM
Discovered: May 28, 2012
Damage: VERY HIGH
Trojan.OlympicGames
• The payload comes bundled in spam messages themed on the London Olympic Games. Most of the identified samples are fake ticket confirmations in the form of malicious PDF documents. When opened, the PDF exploits CVE-2010-2883 in Adobe Reader 9.3.4 and earlier to deploy a backdoor service on the machine.
Spreading: VERY LOW
Discovered: August 14, 2012
Damage: VERY LOW
Trojan.Startpage.AABI
• The user is shown an advertisement in the Yahoo Messenger chat window. Clicking it prompts the user to download and execute a setup file that contains the payload. When executed, the file copies itself to %APPDATA%\laban.exe and sets itself to run at every system boot. While running, it checks whether laban.vn is set as the home page of every browser installed on the PC and, if that has been changed, restores it to laban.vn.
Spreading: VERY LOW
Discovered: August 14, 2012
Damage: VERY LOW
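The IcePol/Reveton and Startpage.AABI entries above both come down to registry state an analyst can audit: a Shell value under the per-user Winlogon key, and an autostart entry pointing at a binary in the user profile. The script below is an added example for this page (not the deck's content or any vendor's code). It parses the plain text that `reg query <key> /s` prints and flags a per-user Winlogon\Shell value (a clean profile has none), a machine-wide Shell other than explorer.exe, and Run/RunOnce entries whose target lives in a user-writable profile directory. The sample output, the user name and the file names in it are constructed; that Startpage.AABI uses a Run key for its boot persistence is an assumption, since the deck says only that it runs at every boot.

```python
import re
from typing import Dict, List, Tuple

# Registry locations the checks look at (the paths are the real ones; the
# heuristics applied to them are this example's own choices).
WINLOGON_KEY = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon$", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
USER_WRITABLE = re.compile(r"(\\AppData\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%|\\Temp\\)", re.IGNORECASE)

Value = Tuple[str, str, str]          # (name, type, data)
Finding = Tuple[str, str, str, str]   # (key, name, data, reason)


def parse_reg_query(text: str) -> Dict[str, List[Value]]:
    """Parse `reg query <key> /s` output: key paths flush left, values indented
    and separated from their type and data by runs of four spaces."""
    keys: Dict[str, List[Value]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith((" ", "\t")):
            current = raw.strip()
            keys[current] = []
            continue
        parts = re.split(r"\s{4,}", raw.strip(), maxsplit=2)
        if current is None or len(parts) < 2:
            continue
        name, vtype = parts[0], parts[1]
        data = parts[2] if len(parts) == 3 else ""
        keys[current].append((name, vtype, data))
    return keys


def audit(keys: Dict[str, List[Value]]) -> List[Finding]:
    findings: List[Finding] = []
    for key, values in keys.items():
        per_user = key.upper().startswith("HKEY_CURRENT_USER")
        for name, _vtype, data in values:
            if WINLOGON_KEY.search(key) and name.lower() == "shell":
                if per_user:
                    # A clean profile has no Winlogon\Shell value; one under HKCU
                    # means the shell was replaced for this user only, which is
                    # exactly what the IcePol/Reveton locker does.
                    findings.append((key, name, data, "per-user Winlogon Shell override"))
                elif data.strip().lower() != "explorer.exe":
                    findings.append((key, name, data, "machine-wide shell is not explorer.exe"))
            if RUN_KEY.search(key) and USER_WRITABLE.search(data):
                # Assumed persistence path for the %APPDATA%\laban.exe copy: an
                # autostart entry whose target sits inside the user profile.
                findings.append((key, name, data, "autostart binary in user-writable profile directory"))
    return findings


# Constructed sample output (the user and the file names are invented for the example).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\alice\AppData\Roaming\lock.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    laban    REG_SZ    C:\Users\alice\AppData\Roaming\laban.exe
"""

if __name__ == "__main__":
    for key, name, data, reason in audit(parse_reg_query(SAMPLE)):
        print(f"[{reason}] {key}\\{name} = {data}")
```

On a locked machine the export has to be taken from outside the infected session (Safe Mode with Command Prompt, or the NTUSER.DAT hive mounted from a boot disk), which is also the only context in which removing the rogue Shell value gives Explorer back to the user.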
Trojan.FakeAV
• Fake AV trojans (also known as rogue AV) are applications that claim the user's computer is infected and that professional intervention is needed. To clean the alleged infections the user must purchase the software, and until payment is made all regular activity on the machine is disrupted.
Spreading: VERY LOW
Discovered: September 22, 2012
Damage: VERY LOW
Rootkit.MBR.TDSS
• The rootkit component is installed by the dropper. It hooks specific operating-system functions and uses intermediary files to prevent Windows from checking the digital signatures of drivers. It also installs itself as a handler for hard-disk read/write requests. The rootkit component's sole purpose is to hide the other malicious payloads that are part of the campaign.
Spreading: MEDIUM
Discovered: November 4, 2012
Damage: MEDIUM
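The entry above says the rootkit sits in the path of hard-disk read/write requests, which is why an MBR bootkit check has to be done on a sector read from outside the infected system: a boot disk, or a disk image taken with `dd if=/dev/sda bs=512 count=1`. The code below is an added example for this page, not the deck's content or any vendor's tool. It parses the 512-byte master boot record, verifies the 0x55AA signature, hashes the 440-byte boot code against a baseline recorded from a known-clean image, and sanity-checks the partition table (exactly one bootable entry, no entry past the end of the disk, no overlaps). The MBRs it checks are constructed here with placeholder boot-code bytes, not copies of real loader code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code; then 4-byte disk signature, 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # at offset 510


def parse_mbr(mbr: bytes):
    """Return the used partition entries as dicts; raise ValueError on a malformed sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "start": lba_start, "sectors": sectors})
    return parts


def boot_code_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(mbr: bytes, baseline_hash: str, disk_sectors: int):
    """Compare an MBR against a known-good boot-code hash and check the partition table."""
    try:
        parts = parse_mbr(mbr)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    actual = boot_code_hash(mbr)
    if actual != baseline_hash:
        # A bootkit replaces the loader in these 440 bytes; the partition table
        # and disk signature after them are usually left intact.
        findings.append(f"boot code differs from baseline (sha256 {actual[:16]}...)")
    if sum(1 for p in parts if p["bootable"]) != 1:
        findings.append("partition table does not have exactly one bootable entry")
    ordered = sorted(parts, key=lambda p: p["start"])
    for p in ordered:
        if p["start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["start"] + a["sectors"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_mbr(boot_code: bytes, partitions):
    """Constructed helper: assemble a 512-byte MBR from boot code and (status, type, start, count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\x12\x34\x56\x78"  # disk signature (arbitrary for the example)
    for i, (status, ptype, start, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        mbr[off] = status
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


# Constructed samples. The boot-code bytes are placeholders, not real loader code.
DISK_SECTORS = 262144
CLEAN_BOOT = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
PARTITIONS = [(0x80, 0x07, 2048, 204800)]          # one bootable NTFS partition
CLEAN = build_mbr(CLEAN_BOOT, PARTITIONS)
BASELINE = boot_code_hash(CLEAN)                    # record this from a known-clean image
INFECTED = build_mbr(b"\xeb\x1e" + b"\x90" * 30, PARTITIONS)   # boot code replaced, table untouched
OVERSIZED = build_mbr(CLEAN_BOOT, [(0x80, 0x07, 2048, 300000)])

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("infected", INFECTED), ("oversized", OVERSIZED)):
        print(name, audit_mbr(blob, BASELINE, DISK_SECTORS) or "OK")
```

The baseline hash is the important input: a hash of the boot code Windows itself wrote (taken right after installation, or from the installation media's own MBR code) is what turns "this boot code is unfamiliar" into a decision. Reading the sector from inside the running system and finding it matches proves nothing if the rootkit is filtering the read.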
Rootkit.Sirefef.Gen (Sophos: Troj/ZAccess-L, Troj/ZAccess-I, HPmal/ZAccess-A; Avira: RKIT/ZeroAccess.A)
• ZeroAccess/Sirefef is a sophisticated kernel-mode rootkit that is installed when a ZeroAccess dropper is executed. The dropper first checks whether it is running on a 32- or a 64-bit machine by calling the ZwQueryInformationProcess API.
Spreading: MEDIUM
Discovered: November 21, 2012
Damage: HIGH
PDF:Exploit.CVE-2013-5065.A
• This is a detection for malicious PDF files that exploit CVE-2013-5065, a local privilege escalation vulnerability in the Microsoft Windows NDProxy driver (NDProxy.sys) that allows an attacker to run code in kernel mode. Because it is a local privilege escalation, the PDF must first obtain user-mode code execution through a separate Reader vulnerability; CVE-2013-5065 then takes that code to kernel mode. The vulnerable systems are those running Windows XP or Windows Server 2003.
Spreading: VERY LOW
Discovered: November 28, 2013
Damage: LOW
Exploit.CVE-2013-5065.A
• This is a second detection name for malicious PDF files that exploit the same CVE-2013-5065 local privilege escalation vulnerability in the Windows NDProxy driver, which likewise allows attackers to run code in kernel mode on systems running Windows XP or Windows Server 2003. (The description is the same as for PDF:Exploit.CVE-2013-5065.A.)
Spreading: VERY LOW
Discovered: November 28, 2013
Damage: LOW
Thanks for watching!!!
Presented by: Group 5 Keith Isaiah Catalan Jimmy Ong III Arzel Kyle Herrera Joan Galang Leila Mari Gem Guinitaran Pamela Anne Marte Ina Louise Magno Fortune Ivy Salazar