Upload: twaylem-balicat

Post on 20-Jun-2015

94 views

Category:

Education


0 download

DESCRIPTION

Top 10 Latest Viruses

TRANSCRIPT

Page 1

Top 10 Latest Viruses

Group 5 Newton

Page 2

Exploit.CVE-2011-3402.Gen

• This is a generic detection for malicious TTF (TrueType Font) files which exploit the CVE-2011-3402 vulnerability found in the Microsoft Windows driver "win32k.sys".

• A successful exploitation of this vulnerability allows an attacker to execute malicious code with elevated privileges on a user's computer. The attacker may therefore gain full access to the user's private data and installed programs, and be able to install or run any malicious program.

Spreading: VERY LOW

Damage: LOW

Discovered: November 7, 2011

Page 3

Trojan.Ransom.IcePol (W32/Reveton; Trojan.Win32.Ransirac)

• In order to block access to the system, the Trojan adds itself to the Winlogon\Shell registry key in the Current User branch and denies access to Windows Explorer for the current user. This way, the user is locked out, with no chance to run an antivirus solution or a removal tool.

Spreading: MEDIUM

Damage: HIGH

Discovered: March 20, 2012

Page 4

Trojan.Flame.A (SkyWiper)

• This is a multi-component malware used for targeted attacks. It is able to spy on the user, leak data, and download and execute other components.

Spreading: MEDIUM

Damage: VERY HIGH

Discovered: May 28, 2012

Page 5

Trojan.OlympicGames

• The payload comes bundled in spam messages related to the London Olympic Games. Most of the identified samples are fake ticket confirmations in the form of malicious PDF documents. When opened, the PDF file takes advantage of the CVE-2010-2883 vulnerability in Adobe Reader versions 9.3 and earlier to deploy a backdoor service on the machine.

Spreading: VERY LOW

Damage: VERY LOW

Discovered: August 14, 2012

Page 6

Trojan.Startpage.AABI

• The computer user is shown an advertisement in the Yahoo Messenger chat window. If it is clicked, the user is prompted to download and execute a setup file that contains the payload. When executed, the file copies itself to %APPDATA%\laban.exe and sets itself to run at every system boot. While running, it monitors whether the laban.vn page is set as the default page in every browser installed on the PC and, if the setting has been changed, restores it to laban.vn.

Spreading: VERY LOW

Damage: VERY LOW

Discovered: August 14, 2012
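As an added defender-side check that is not part of the presentation, the PowerShell snippet below audits the two persistence points described on the IcePol and Startpage slides: a Shell value under the Winlogon key in the Current User branch (and a non-default one in HKLM), and Run-key entries that launch a program from %APPDATA%. It is read-only and assumes a Windows host with PowerShell 5 or later; the key paths are the standard Windows locations, everything else is illustrative.

```powershell
# Added example (not from the presentation): audit Winlogon\Shell and Run keys.
# Read-only; run in an elevated PowerShell prompt to see the HKLM branch as well.
$findings = @()

# 1. Winlogon\Shell. HKLM normally holds "explorer.exe"; the HKCU branch normally
#    has no Shell value at all, which is why IcePol-style lockouts create one there.
foreach ($hive in 'HKCU', 'HKLM') {
    $key   = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') {
        $findings += [pscustomobject]@{
            Location = "$key\Shell"
            Value    = $shell
            Reason   = 'Shell value replaced (user lockout technique)'
        }
    }
}

# 2. Run keys whose target lives under %APPDATA% (Startpage-style laban.exe persistence).
$appdata = [Environment]::GetFolderPath('ApplicationData')
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
        # Expand %APPDATA% and friends, and drop a leading quote from '"C:\...\x.exe" /arg'.
        $target = [Environment]::ExpandEnvironmentVariables([string]$p.Value).TrimStart('"')
        if ($target.StartsWith($appdata, [System.StringComparison]::OrdinalIgnoreCase)) {
            $findings += [pscustomobject]@{
                Location = "$key\$($p.Name)"
                Value    = $p.Value
                Reason   = 'Autorun entry launches from %APPDATA%'
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No findings' }
```

A hit is a lead, not a verdict: some legitimate updaters also run from %APPDATA%, so compare the flagged file's publisher and hash before acting.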

Page 7

Trojan.FakeAV

• Fake AV trojans (also known as rogue AV) are applications that claim the user's computer is infected and that professional intervention is needed. In order to clean the alleged infections, the user has to purchase the software and, until payment is made, normal use of the computer is disrupted.

Spreading: VERY LOW

Damage: VERY LOW

Discovered: September 22, 2012

Page 8

Rootkit.MBR.TDSS

• The rootkit component is installed by the dropper malware. It hooks specific functions of the operating system and uses intermediary files to prevent Windows from checking digital signatures for drivers. It also acts as a handler for HDD read/write requests. The rootkit component is used with the sole purpose of hiding the other malicious payloads that are part of the respective campaign.

Spreading: MEDIUM

Damage: MEDIUM

Discovered: November 4, 2012

Page 9

Rootkit.Sirefef.Gen (Sophos: Troj/ZAccess-L, Troj/ZAccess-I, HPmal/ZAccess-A; Avira: RKIT/ZeroAccess.A)

• ZeroAccess/Sirefef is a sophisticated kernel-mode rootkit that gets installed when a ZeroAccess dropper is executed. Initially, the dropper checks whether it is running on a 32-bit or a 64-bit machine by querying the ZwQueryInformationProcess API.

Spreading: MEDIUM

Damage: HIGH

Discovered: November 21, 2012

Page 10

PDF:Exploit.CVE-2013-5065.A

• This is a detection for malicious PDF files which exploit the CVE-2013-5065 local privilege escalation vulnerability found in the Microsoft Windows NDProxy driver, which could allow attackers to run code in kernel mode. The vulnerable systems are those running Windows XP or Windows Server 2003.

Spreading: VERY LOW

Damage: LOW

Discovered: November 28, 2013

Page 11

Exploit.CVE-2013-5065.A

• This is also a detection for malicious PDF files which exploit the CVE-2013-5065 local privilege escalation vulnerability found in the Microsoft Windows NDProxy driver, which could allow attackers to run code in kernel mode. The vulnerable systems are likewise those running Windows XP or Windows Server 2003. (The description is the same as for PDF:Exploit.CVE-2013-5065.A.)

Spreading: VERY LOW

Damage: LOW

Discovered: November 28, 2013

Page 12

Thanks for watching!!!

Presented by: Group 5 Keith Isaiah Catalan Jimmy Ong III Arzel Kyle Herrera Joan Galang Leila Mari Gem Guinitaran Pamela Anne Marte Ina Louise Magno Fortune Ivy Salazar