Security Hardware & IT Security Software - eWeek

Security Hardware & IT Security Software: Conficker, Coreflood and Other Malware Madness on Your PC



There are pieces of malware that make a big splash, such as Conficker, and then those, such as Coreflood, that for a variety of reasons do a better job of flying under the radar. In the end, the long-term success of a piece of malware depends largely on its ability to avoid both detection and sustained scrutiny by the security community. Doing so can allow attackers to build mammoth botnets to the tune of hundreds of thousands of zombie computers - or, in the case of Conficker, millions.

The usual endgame for the hackers, of course, is to turn the mountains of stolen data into money. After discussions with some security vendors and researchers, eWEEK has compiled a short list of some of the stealthier and more persistent pieces of malware out there today.

By Brian Prince
 
  • The MBR/Sinowal/Mebroot/Torpig rootkit—Stealthiest Rootkit in the Wild?
    A recent update from the hackers enabled it to hook itself even deeper within the Windows operating system to avoid detection. Researchers at the University of California, Santa Barbara, seized control of the Torpig botnet for 10 days earlier in 2009 and uncovered 70GB worth of financial data.
  • Zeus—Malware from Mount Olympus
    Also known as Zbot, the Trojan has been linked to the cyber-theft of financial information. The hackers controlling the botnet recently hit the "kill operating system" switch on more than 100,000 infected computers.
  • Rustock.C—Busy Botnet
    Rustock.C creates a back door on a compromised system and uses rootkit functionality to hide any files and registry subkeys it creates. The first "operational" samples of Rustock.C appeared in September 2007. Security researchers estimate the botnet can send out as many as 600,000 spam messages a day.
    Photo courtesy of Microsoft
  • Vundo—Social Engineering
    Vundo is a Trojan also known as Virtumonde. The malware has been linked to campaigns for rogue anti-virus. There are many different types of Vundo Trojans. According to SecureWorks, the malware family includes rootkit functionality and often spreads through instant messaging and fake YouTube videos. Once infected, victims may be hit with numerous payloads.
  • Conficker—The Windows Worm You May Have Heard of
    Though it may have been overhyped, the Conficker worm definitely created a massive army of compromised computers. At various times, the number of infections has been put in the millions. More recent estimates have put the number of PCs compromised by variants A, B and C at about 2.7 million, according to the Conficker Working Group.

    Photo courtesy of Conficker Working Group
  • Hexzone—Kidnapping Computers
    Hexzone is installed as a "Browser Helper Object," and injects itself into the browser as a plug-in. When the victim browses the Web, the plug-in leads them to a page hosting porn and demands payment to remove the content. According to FireEye, Hexzone has also been observed downloading Trojan.Ransomlock.
  • Coreflood—A Deadly Banking Trojan
    Coreflood remains an effective banking Trojan. It dates back to as early as 2002 and was linked last summer to the infection of thousands of computers and the theft of some 500 gigabytes of uncompressed data during a 16-month period.
    Photo courtesy of SecureWorks
  • Trojan Bankpatch.C—Denmark Banks Targeted
    Bankpatch.C popped up earlier this year. Bankpatch is customized to target particular regions and banks; in January and February, for example, there was an outbreak of infections in Denmark. The first version of the Trojan was released in 2007, with the .C variant first appearing in August of 2008, according to Symantec.