February 2008

Threat Check

What types of threats have been plaguing computer users this past month? Take a look, below, at the top threats creating a buzz among Ad-Aware users in the Lavasoft Support Forums.

1. Virtumonde
Virtumonde, also known as Vundo, is a type of malware/adware that often requires special help, or tools, to remove. It hooks itself into the system and then displays pop-ups. It has also been seen, though not as commonly, popping up fake alerts for rogue anti-spyware.

2. Win32.Trojandownloader.obfuscated
Win32.Trojandownloader.obfuscated is a typical generic downloader; it downloads and installs malicious software onto an infected system.

3. SpywareBot
SpywareBot is a rogue anti-spyware application. It exploits the name of another anti-spyware program, Spybot Search & Destroy, both in terms of application name and marketing. Clone programs such as AdwareAlert and AdwareArrest, and associated websites such as www.adaware2008.com, have been observed behaving in a similar manner. SpywareBot's scanning engine unconditionally detects files and folders based on the name and location of the file. This method of detection has, at the very least, the potential to generate false positives and, at worst, damage the operating system.

4. Ultimate Defender
Ultimate Defender is a rogue anti-spyware application that has been around for some time, spreading through fake alerts and TrojanDownloader.NewMedia. It uses scare tactics to get the user to buy a license for the product. This may include placing fake malware on the infected machine; the software must be purchased in order to remove or fix whatever is being detected.

5. IeDefender
IeDefender is a rogue anti-spyware application that first appeared a few months ago, but has recently been seen using a new name - FilesSecure. It spreads by using a fake video codec, tricking the user into installing a Trojan on his or her system. This Trojan produces pop-up messages that tell the user that he or she is infected and must download anti-spyware software, specifically IeDefender. IeDefender will then scan the machine and detect the Trojan. The user is required to pay for a license in order for IeDefender to remove the malware.

- - - - - - - - - - - -
Have a question about one of these threats? Need guidance on how to rid your computer of spyware and malware? Take advantage of free support from our worldwide volunteer security network at the Lavasoft Support Forums.

Research indicates that the Storm Worm botnet increased in size by over 200% due to seasonal spam blasts surrounding Christmas and New Year’s Eve. Following a pre-Valentine’s Day surge, Storm made up 8% of overall e-mail traffic.
Source: Honeyblog.org, Sophos

An exploit is a piece of software that takes advantage of a hole or vulnerability in a computer user’s system in order to gain unauthorized access to the system.
Source: Anti-Spyware Coalition Glossary

You hear time and time again about the importance of keeping your computer patched against known vulnerabilities. Find out how to stay up-to-date.

“I just wanted to tell you what an amazing line of products you have. Many times [Ad-Aware 2007] has saved my computer from a total crash, or me the hassle of wiping the hard disk clean. It finds so many things: malware, adware, spyware and malicious email attachments, Trojans, monitoring tools and back-door viruses, things that are so hard for me to find on my own. Thank you, really. You make my life so much easier.”
S. Black (Setsuna, Kansas, USA)

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com