Insight into New Threats

Nov 22, 2008

  • 11 new 2Mb+ program files: Large programs are rare. A large number can be a sign of a P2P file sharing worm creating bogus download files.
  • 5 new device drivers: New device drivers are quite rare. A large increase would be suspicious unless a new Windows update has just been released.
  • 2,228 new file names: Most safe programs are known by only one name. Malicious software often uses multiple file names.
  • 844 Malicious Programs first seen today: This is a count of programs first seen on this day that have been automatically classified as malicious.
  • 329 new programs with multiple file names: Programs with multiple file names need careful examination. Malware often uses multiple file names for the same program.
  • 44 new screen savers: Screen savers have been used to hide malware. New screen savers should be treated with caution and checked.
  • 2 new Windows sub folders: New sub folders in the Windows directory are frequently created by malware to hide its payload from the user.
  • 39 new system components: New Windows system components are rare and should be checked.
  • 16 malware groups with new deviants: This is a count of known virus, trojan, worm, spyware, adware or general malware groups with new deviants first seen on this day.
  • 1 new SMTP mail programs: Programs (Mass Mailers) which can send large volumes of mail via SMTP from any PC are a major driver in spreading viruses, trojans, worms and general malware infection.
  • 10 new Browser Helper Objects: Browser Helper Objects can perform almost any action on a PC and are frequently used as part of spyware and adware infections. New BHOs should always be checked.
  • 19 new self replicating programs: Very few safe programs make copies of themselves. Viruses, trojans, worms, spyware and adware programs do this a lot.
  • 46 new ActiveX components: ActiveX components are often used as part of drive-by spyware or adware infections and should always be thoroughly investigated.
  • 14 new TCP Servers: These programs send data to other computers across the network or internet, a technique often used in identity theft by spyware and adware infections.
  • 4 new MSDos Programs: MSDos applications are frequently used as part of a virus, worm, trojan, spyware or malware infection and should always be checked.
  • 1 new Keyloggers: These programs can record keystrokes and some can even record mouse movement. These techniques are common among spyware and identity theft attacks.