Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

Microsoft releases Intelligence Report

Microsoft recently came out with the Microsoft Security Intelligence Report focussing upon key trends in malware seen during the first half of 2006. The report is part of the Windows Malicious Software Removal Tool (MSRT) that has been available from January 2005 onwards. MSRT is designed to help, identify and remove malware from computers and is available at no charge to licensed Windows users.

The report suggests that with more than 43,000 new variants found in the first half of 2006, backdoor Trojans and bots are the most active category of malware. Of the four million computers cleaned by the MSRT, approximately two million (or about 50 percent of those with malware present) contained at least one backdoor Trojan. While this is a high percentage, it is lower than what was the case during the second half of 2005. During that period, MSRT data showed that, of computers with malware present, 68 percent contained a backdoor Trojan.

Despite increased industry interest in Windows rootkits in 2005, there has actually been a 50 percent reduction in this type of attack against computers running Microsoft Windows during the past six months a trend that will bear watching. The reduction in rootkit attacks may be related to the increasing availability of antirootkit tools and educational materials made available as of 2006 as well the backlash against music vendors using rootkit-flavoured DRM (Digital Rights Management). These tools have helped to decrease the number of large-scale rootkit attacks in favour of specialised stealth-related techniques. While these techniques may never progress beyond proof-of-concept, undoubtedly, some will appear as part of targeted attacks against high-value entities.

Social engineering continues to be a popular means of spreading malware, especially when sent over e-mail and peer-to-peer networks. For example, in the case of both the MSRT and Microsoft Windows Live OneCare, approximately 20 percent of computers cleaned were infected with a mass mailing worm. For the MSRT, this represents a slight increase from the previous six-month period, mainly due to the appearance of the Win32/Mywife.E mass mailing worm.

Backdoor Trojans and bots continue to comprise a significant percentage of the malicious software detected by Microsoft anti-malware offerings. Attackers, with financial gain in mind, are clearly concentrating a significant amount of development focus on this category of malware.

F-Secure reports Appdisabler.M

Appdisabler.M is a malicious SIS file Trojan, that attempts to disable Symbian OS applications—system and third party. Once installed, the Trojan replaces the main executable of several systems and third-party applications by overwriting their primary executable. If any third-party applications targeted by the Trojan are installed on the device, the primary executable will be overwritten, and will have to be reinstalled as part of the process of undoing the damage caused by this Trojan.