openPR Logo
Press release

Malware Authors Relying on Poor User Updating Practices

06-10-2011 08:14 AM CET | IT, New Media & Software

Press release from: G Data Software

/ PR Agency: March Communications

Old security holes increasingly popular among online criminals

DURHAM, NC – June 9, 2011 – When infecting PCs, online criminals are increasingly benefiting from uninstalled updates for browsers and their components. In this regard, research carried out by G Data SecurityLabs indicates that unclosed security holes in browser plug-ins are very much in fashion with bands of cyber criminals. This distribution concept means that current security holes are far from being the only ones exploited by the perpetrators, as evidenced in the current malware analysis for the month of May 2011. In the previous month alone, four of the Top 10 computer malware programs had been targeting Java security holes for which Oracle had been offering an update since March 2010. The German IT security provider has noted another increase in malware that installs adware or tries to lure users to install bogus antivirus programs.

According to estimates by G Data experts, the malware industry has been focusing on Java security holes since the end of last year. This kind of computer malware is already dominating the malware landscape and has recently ousted PDF security holes from the Top 10. "Even though an enormous number of program updates are being provided, users should not be fooled into deactivating automatic update functions. Not only does this apply to Java, but it should also apply in general to all browser plug-ins used and all applications installed on the PC," recommends Ralf Benzmüller, head of G Data SecurityLabs. Users can go to the website www.java.com to carry out a quick check as to whether they have installed the most up-to-date Java version and all corresponding updates on their computer.

Potentially Unwanted Programs (PUP)
Experts at G Data SecurityLabs have noted another increase, this time among malware that installs unwanted software, called PUPs, on PCs. In recent months two kinds of malware from this category have made it into the G Data malware Top 10 - Variant.Adware.Hotbar.1 and Trojan.FakeAlert.CJM.

The programs function in different ways to one another, ranging from unwanted advertising displays or installing spyware to marketing bogus antivirus programs (scareware). For example, Trojan.FakeAlert.CJM tricks browser users into believing that the computer is infected. They can only disinfect their system by purchasing the "antivirus program" being advertised. Victims who fall for this scam purchase a completely useless and often dangerous software program which, instead of offering protection, only downloads and installs more malware, in order to steal personal data.

Information on the G Data Malware Top10 computer malware programs

Java.Trojan.Downloader.OpenConnection.AO
This Trojan downloader is contained within manipulated Java applets found on websites. When the applet is downloaded, a URL is generated from the applet parameters, which the downloader uses to upload a malicious executable file onto the user's computer and run it. These kinds of files can be any type of malware. The downloader exploits the CVE-2010-0840 security hole to break out of the Java sandbox and write data to the system.

Trojan.Wimad.Gen.1
This Trojan pretends to be a normal .wma audio file, albeit one that can only be played after installing a special codec/decoder on Windows systems. If the user runs the file, the attacker can install malware of any kind on the user's system. The infected audio file is mainly distributed via P2P networks.

Gen:Variant.Adware.Hotbar.1
This adware is generally secretly installed, as part of free software packages from programs such as VLC, XviD, etc., which are downloaded from sources other than the provider. The supposed sponsors of the current software version are 'Clickpotato' and 'Hotbar'. All packages are digitally signed by "Pinball Corporation" and the adware is automatically launched every time Windows is started, integrating itself as a systray icon.

Worm.Autorun.VHG
This malware program is a worm that uses the autorun.inf function in Windows operating systems to distribute itself. It uses removable storage devices such as USB sticks or portable hard drives. It is an Internet and network worm and exploits the CVE-2008-4250 vulnerability.

Java.Trojan.Downloader.OpenConnection.AI
This Trojan downloader is contained in manipulated Java applets found on websites. When the applet is downloaded, a URL is generated from the applet parameters. The downloader uses this to upload a malicious executable file onto the user's computer and run it. These kinds of files can be any type of malware. The downloader uses the CVE-2010-0840 vulnerability to circumvent the Java sandbox, which enables the downloader to write data locally.

Trojan.AutorunINF.Gen
This generic recognition software is able to recognise known and unknown malicious autorun.inf files. Autorun.inf files are autostart files that are exploited as computer malware distribution mechanisms on USB devices, removable storage devices, CDs and DVDs.

Java.Trojan.Downloader.OpenConnection.AN
This Trojan downloader is contained in manipulated Java applets found on websites. When the applet is downloaded, a URL is generated from the applet parameters. The downloader uses this to upload a malicious executable file onto the user's computer and run it. These kinds of files can be any type of malware. The downloader exploits the CVE-2010-0840 security hole to break out of the Java sandbox and write data to the system.

Java:Agent-DU [Expl]
This Java-based malware program is a download applet that tries to use a security hole (CVE-2010-0840) to circumvent the sandbox protection mechanism and download additional malware onto the computer. Once the applet has fooled the sandbox, it can directly download and run .exe files. This is something that a simple applet cannot do, as the Java sandbox prevents it from doing so.

Trojan.FakeAlert.CJM
This malware program tries to tempt computer users into downloading fake antivirus software that is actually the FakeAV program. In doing so, the website imitates the user's Windows Explorer and indicates that there are numerous alleged infections. As soon as the user clicks something on the website, a downloadable file is offered that contains the actual FakeAV program, e.g. a variant of System Tool.

HTML:Downloader-AU [Expl]
This Java-based malware is an applet that downloads an HTML page. This primed HTML site tries to use a security hole (described in CVE-2010-4452) to download a Java class from a URL to the vulnerable Java VM. The attacker uses this to try and bypass the VM protection mechanisms, thereby creating a way to carry out almost any kind of activity on the computer.

Methodology
The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G Data security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G Data program. If a computer malware attack is fended off, a completely anonymous report of this event is made to G Data SecurityLabs. G Data SecurityLabs then collects and statistically assesses data on the malware.

About G Data Software, Inc.

Founded in 1985, G Data Software is one of the world’s first antivirus providers, with offices and distribution in more than 90 countries worldwide. The company provides proven enterprise and consumer security solutions, including antivirus, anti-spyware, anti-phishing, and firewall software. In addition to products, G Data Software runs a world-class malware research lab, Security Labs, which monitors and analyzes current computing threats on a global basis, partnering with organizations, governments and nonprofits to fulfil a variety of needs. The company has recently established operations in North America, located in the heart of Research Triangle Park, North Carolina. For more information on G Data Software, its products, or Security Labs, visit www.gdata-software.com

G Data Software
2530 Meridian Parkway, Suite 300
Durham, North Carolina 27713

Press contacts
G Data Software
Eric Seymour / Aarti Shah
Phone: 617-960-9856 / 9878
Email: gdata@marchpr.com
Web: www.gdata-software.com

This release was published on openPR.

Permanent link to this press release:

Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release Malware Authors Relying on Poor User Updating Practices here

News-ID: 178834 • Views:

More Releases from G Data Software

G Data Warns Consumers of the Significant Security Risks Posed by Social Networks
G Data Warns Consumers of the Significant Security Risks Posed by Social Network …
Massive Global Survey Highlights Risky User Behavior DURHAM, NC – August 16, 2011 – G Data Software, one of the world’s first antivirus providers, warns consumers to be wary while using social networks as criminals are leveraging their behavior to entice people to click on links to virus-infested sites and thus infect their PCs with malware. According to the G Data 2011 Security Survey, nearly one in five consumers click on
Durham Mayor Bill Bell to Launch the 2nd Annual Durham Senior Amateur Golf Championship with Ribbon-Cutting Ceremony
05-23-2011 | Sports
G Data Software
Durham Mayor Bill Bell to Launch the 2nd Annual Durham Senior Amateur Golf Champ …
G Data Software to Sponsor the Event and Giveaway a Top-flight Power Motor Scooter and Sun Mountain Premium Golf Bag Durham, NC—May 20, 2011— Durham’s Mayor Bill Bell will open the 2nd Annual Durham Senior Amateur Golf Championship with a ribbon-cutting event and welcome remarks on Monday, May 23 at 8:00 a.m., at the first Tee on the Hillandale Golf Course in Durham, followed by the first group teeing-off at
G Data Software Provides Free FakeAV Cleaner to Remove Scareware from Infected PCs
G Data Software Provides Free FakeAV Cleaner to Remove Scareware from Infected P …
Lightweight, Free Tool Rescues Victims of the Most Common Fake Antivirus Programs DURHAM, NC – May 16, 2011 – G Data Software, one of the world’s first antivirus providers, is offering G Data FakeAV Cleaner to help Internet users protect against fake antivirus programs, also referred to as scareware. Available to all PC users, this free tool cleans Windows systems that are infected with fake antivirus programs belonging to the System
According to G Data, Be Wary of Opening Your Heart to Online Criminals this Valentine’s Day
According to G Data, Be Wary of Opening Your Heart to Online Criminals this Vale …
Spammers Increasingly Luring Users with Shortened URLs Durham, NC—February 11, 2011— G Data Software, one of the world’s first antivirus providers, reports a massive increase in spam related to Valentine’s Day, with online criminals directing unsuspecting users to fraudulent websites offering promotions on flowers, forged jewelry, perfume, and other Valentine’s Day gifts. The cyber criminals then trick users into disclosing their credit card information. G Data Security Labs also predicts

All 5 Releases


More Releases for Java

The Official release of Free Java Word API--Free Spire.Doc for Java
News Overview E-iceblue released a totally free and independent Java Word API, Free Spire.Doc for Java v2.0.0, which enables Java applications to generate and manipulate Word without installing Microsoft Word. Hong Kong Apr 10, 2019, Free Spire.Doc for Java was released. This is a Java Word API and totally free for programmers to create/save/edit Word, convert Word files to most common and popular formats, insert/edit/remove objects and print Word without installing Microsoft
Rendering Shape Soft Edges Effect, Java 10 & Java 11 Support inside Android Apps
What's New in this Release? Aspose team is pleased to share the release announcement of Aspose.Slides for Android via Java 18.10. This is one of major releases whereby Aspose team has have included support for Java 10 and Java 11 in API. There are some important new features introduced in this release, such as Support for rendering shape Soft Edges (EffectFormat) effect and Turning off updates automatically option for Date time
Java 11 Support & Export Word Files Headers Footers to Plain Text TXT File in Ja …
What's New in this Release? Aspose development team is happy to announce the monthly release of Aspose.Words for Java 18.11. The release of this month contains number of new features, enhancements and bug fixes of the issues reported by our users in previous versions. A new feature has been added in Aspose.Words 18.11 to export all headers and footers at the end of document. We have added new property TxtSaveOptions.ExportHeadersFootersMode in
Java 10 Support & Nested Reports Provision by LINQ Reporting Engine inside Java …
What's New in this Release? Aspose development team is happy to announce the monthly release of Aspose.Words for Java 18.8. There are 86 improvements and fixes has included in this regular monthly release, such as Java 10 tested and supported now, New and updated Samples and Examples, Change SHA-1 to SHA-256 and public asymmetric key from 1024 to 2048 for the license mechanism, Implemented support for “underline trailing spaces” compatibility option,
ZK 3.5 Supports Java Applet
We are very pleased to announce that ZK 3.6 is released. Over 28 new features and 44 bugs fixed. Listbox supports auto-soring on fields. Applet Component allows you to embed Java Applet to run application on client side. Moreover, CSS and images are simplified and optimized for better performance. ZK is a Direct RIA framework to increase developer’s productivity by integrating frontend and backend of applications transparently to deliver rich, and
Java GUI Test Automation: Squish for Java Success at Ericsson
\"Squish has proved to be an excellent and popular replacement for the GUI automation tool which was used in previous automation campaigns.\" said Shane McCarron from Ericsson AB. We had the pleasure to interview Shane McCarron, a Senior Designer of Ericsson AB, who use froglogic\'s Squish for their automated GUI testing effort of several Java GUI applications in different divisions. We talked about their test automation and why they chose Squish