Conficker, Coreflood and Other Malware Madness on Your PC

A recent update from the hackers enabled it to hook itself even deeper within the Windows operating system to avoid detection. Researchers at the University of California, Santa Barbara, seized control of the Torpig botnet for 10 days earlier in 2009 and uncovered 70GB worth of financial data.

Also known as Zbot, the Trojan has been linked to the cyber-theft of financial information. The hackers controlling the botnet recently hit the “kill operating system” switch on more than 100,000 infected computers.

Rustock.C creates a back door on a compromised system and uses rootkit functionality to hide any files and registry subkeys it creates. The first “operational” samples of Rustock.C appeared in September 2007. Security researchers estimate the botnet can send out as many as 600,000 spam messages a day. Photo courtesy of Microsoft

Vundo is a Trojan also known as Virtumonde. The malware has been linked to campaigns for rogue anti-virus. There are many different types of Vundo trojans. According to SecureWorks, the malware family includes rootkit functionality, and often spreads through Instant Messaging and fake YouTube videos. Once infected, victims may be hit with numerous payloads.

Conficker—The Windows Worm You May Have Heard of Though it may have been overhyped, the Conficker worm definitely created a massive army of compromised computers. At various times, the number of infections has been put in the millions. More recent estimates have put the number of PCs compromised by variants A, B and C at about 2.7 million, according to the Conficker Working Group. Photo courtesy of Conficker Working Group

Hexzone is installed as a “Browser Helper Object,” and injects itself into the browser as a plug-in. When the victim browses the Web, the plug-in leads them to a page hosting porn and demands payment to remove the content. According to FireEye, Hexzone has also been observed downloading Trojan.Ransomlock.

Coreflood remains an effective banking Trojan. Coreflood goes back to as early as 2002, and was linked last summer to the infection of thousands of computers and the theft of some 500 gigabytes of uncompressed data during a 16-month period. Photo courtesy of SecureWorks

Bankpatch.C popped up earlier this year. Bankpatch is customized to target certain regions and certain banks, such as in January and February, when there was an outbreak of infections in Denmark. The first version of the Trojan was released in 2007, with the .C variant first appearing in August of 2008, according to Symantec.