F-Secure has predicted that more than one million viruses and Trojans will appear in 2008. The security company says it receives an average of 25,000 malware samples every day, seven days a week.
F-Secure has also warned about a change in malware authors' tactics. Until recently, malware was sent as e-mail attachments, which produced mass outbreaks such as Bagle, Mydoom and Warezov. Sending .EXE attachments by e-mail no longer works, so the authors have switched to drive-by downloads on the web to spread their code.
E-mail is still the common factor in spreading malware, but the attachment has been replaced by a web link. Users receive messages with subjects such as "There is a video of you on YouTube", "You have received a greeting card" or "Thank you for your order", each carrying a link.
The link leads the user to a malicious website. In a drive-by download the infection happens automatically, just by visiting the page, without the user running anything. Infection can also happen when the user clicks a download on the page and runs the program, which contains the malware.
An MBR rootkit, commonly known as Mebroot, is an example of recent malware observed by F-Secure. So far it has been distributed through drive-by downloads. The Master Boot Record (MBR) is the first physical sector of the hard drive and contains the first code loaded and executed from the drive during the boot process; code placed there runs before the operating system does. The rootkit keeps its modifications to the system to a minimum and is very hard to detect from within the infected system.
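The sector layout described above is easy to check against a known-good copy. The following is an added example, not F-Secure's or Mebroot's code: it parses the 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and compares the boot code hash with a baseline recorded from a clean install. The boot-code bytes, partition entry and "infected" sector are constructed for the example; the baseline hash is whatever you recorded from the clean machine.

```python
"""Parse a 512-byte Master Boot Record and compare it with a known-good baseline.

Added example, not F-Secure's or Mebroot's code. A bootkit that lives in the MBR
replaces the boot code in sector 0 while leaving the partition table and the
0x55AA signature intact, so the disk still boots. The checks below therefore
(1) confirm the signature, (2) sanity-check the partition table and (3) hash the
446-byte boot code and compare it with a hash recorded from a clean install.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot loader stub
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def empty(self) -> bool:
        return self.type_id == 0 and self.sector_count == 0


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, type_id, _chs_end, lba_start, count = struct.unpack_from(
            ENTRY_FORMAT, mbr, off)
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(mbr: bytes, baseline_sha256: str) -> List[str]:
    """Return findings; an empty list means the sector matches the recorded baseline."""
    if len(mbr) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    entries = parse_partition_table(mbr)
    if sum(1 for e in entries if e.bootable) > 1:
        findings.append("more than one partition flagged bootable")
    for i, e in enumerate(entries):
        if not e.empty and e.lba_start == 0:
            findings.append(f"partition {i} starts at LBA 0 and overlaps the MBR")
    digest = boot_code_sha256(mbr)
    if digest != baseline_sha256:
        findings.append(f"boot code changed: {digest} != baseline {baseline_sha256}")
    return findings


def build_mbr(boot_code: bytes, partitions: List[PartitionEntry]) -> bytes:
    """Assemble a sector for the constructed samples below (CHS fields left zero)."""
    table = b"".join(
        struct.pack(ENTRY_FORMAT, 0x80 if e.bootable else 0x00, b"\0\0\0",
                    e.type_id, b"\0\0\0", e.lba_start, e.sector_count)
        for e in partitions[:4])
    table = table.ljust(4 * PARTITION_ENTRY_SIZE, b"\0")
    return boot_code.ljust(BOOT_CODE_SIZE, b"\0") + table + MBR_SIGNATURE


# Constructed sample: a short real-mode stub (cli / xor ax,ax / mov ss,ax / mov sp,7c00h)
# padded with NOPs stands in for a normal loader; one bootable NTFS partition at LBA 63.
CLEAN_BOOT_CODE = bytes.fromhex("fa33c08ed0bc007c") + b"\x90" * 64
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [PartitionEntry(True, 0x07, 63, 1_000_000)])
BASELINE = boot_code_sha256(CLEAN_MBR)  # what you would record from a clean install

# Constructed "infected" sector: the first bytes of the stub are replaced by a jump
# into attacker code; partition table and signature are untouched, so the disk still boots.
INFECTED_MBR = b"\xeb\x0e" + b"\x00" * 14 + CLEAN_MBR[16:]


if __name__ == "__main__":
    # On a real machine: open(r"\\.\PhysicalDrive0", "rb").read(512) or open("/dev/sda", "rb").read(512).
    # Read it from a clean boot medium, not from the suspect OS: an MBR rootkit hooks disk I/O
    # and can hand back the original sector, which is exactly why it is hard to detect from inside.
    for label, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, check_mbr(sector, BASELINE) or "matches baseline")
```

The hash comparison is the part that matters; the signature and partition-table checks only catch clumsy overwrites. Because the rootkit runs below the operating system and can filter reads of sector 0, the sector should be read after booting from clean media, and the baseline must come from a machine known to be clean.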
Another infection method is to create many web pages stuffed with thousands of different keywords so that Google indexes them. When people search for one of those keywords and click a result that looks just like all the others, their computer is infected. This usually happens without the user noticing anything: nothing unusual or strange appears on the screen.
Hacking into existing high-profile, high-traffic websites is another way of spreading malware; visitors to the sites they trust become carriers of the virus or Trojan. Infiltrated ad networks can also be used for distribution. In that case the criminals do not hack the website itself but have their exploit code served through the ads, without the knowledge of the site's webmaster.
The risk of infection over HTTP rather than SMTP is increasing, so companies should scan their web traffic for malware and filter their FTP traffic as well. The MBR rootkit is a good example of criminals having both the funds and the high-level expertise to develop such complex attacks.
F-Secure also warns that MBR rootkits may target several online banks. Mobile phones are under attack as well: the first ransom Trojans for smartphones have recently been found in China. Kiazha, the first of them, infects the device when the user downloads what looks like a shareware program. The download drops several known older viruses onto the phone and then displays a message stating that the phone can only be fixed by transferring the equivalent of seven dollars to the attackers through an online payment system.
Beselo is a virus that spreads via MMS and Bluetooth and uses a novel form of social engineering to trick users into installing an incoming SIS application installation file: the file carries a common media extension, such as beauty.jpg or love.rm, so users believe they are receiving a picture or sound file rather than a Symbian application. Another piece of malware, HatiHati, is distributed on MMC memory cards. It installs itself on the device and starts sending SMS messages to a predefined number, which can prove very expensive for the user.
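The Beselo trick works only if the receiver trusts the file name. The following is an added example, not F-Secure's code, of the check a mail or MMS gateway (or a cautious phone-side filter) would apply instead: identify the content from its leading bytes and compare that with what the extension claims. The Symbian SIS identifiers used are the UID1 of a Symbian OS 9.x installer (0x10201A7A) and the UID3 of a pre-9 installer (0x10000419); the sample messages, including the two Beselo-style lures, are constructed.

```python
"""Compare a file's claimed extension with what its bytes actually are.

Added example, not F-Secure's code. Beselo counts on the recipient trusting the
name (beauty.jpg, love.rm) rather than the content, so a gateway or phone-side
filter that sniffs the first bytes sees a Symbian installer whatever it is called.
"""
import struct
from typing import Dict

# Symbian SIS installers open with a 12-byte UID triple stored little-endian:
# UID1 0x10201A7A marks a Symbian OS 9.x installer; pre-9 installers (the format
# Beselo targets) carry UID3 0x10000419 at offset 8.
SIS_UID1_SYMBIAN9 = 0x10201A7A
SIS_UID3_LEGACY = 0x10000419

JPEG_MAGIC = b"\xff\xd8\xff"
REALMEDIA_MAGIC = b".RMF"
GIF_MAGIC = (b"GIF87a", b"GIF89a")

EXTENSION_TYPES = {".jpg": "jpeg", ".jpeg": "jpeg", ".rm": "realmedia",
                   ".gif": "gif", ".sis": "sis"}


def sniff_type(data: bytes) -> str:
    """Identify the content from its leading bytes, ignoring the file name entirely."""
    if len(data) >= 12:
        uid1, _uid2, uid3 = struct.unpack_from("<III", data, 0)
        if uid1 == SIS_UID1_SYMBIAN9 or uid3 == SIS_UID3_LEGACY:
            return "sis"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(REALMEDIA_MAGIC):
        return "realmedia"
    if data.startswith(GIF_MAGIC):
        return "gif"
    return "unknown"


def claimed_type(filename: str) -> str:
    """What the name suggests; only the final extension counts."""
    name = filename.lower()
    dot = name.rfind(".")
    return EXTENSION_TYPES.get(name[dot:], "unknown") if dot >= 0 else "unknown"


def classify(filename: str, data: bytes) -> str:
    actual, claimed = sniff_type(data), claimed_type(filename)
    if actual == "sis" and claimed != "sis":
        return f"block: Symbian installer disguised as {claimed}"
    if actual == "sis":
        return "installer: warn the user before installing"
    if actual not in ("unknown", claimed):
        return f"suspicious: content is {actual}, name says {claimed}"
    return "ok"


def legacy_sis(app_uid: int) -> bytes:
    """Constructed pre-9 SIS header: UID1 = application UID, UID2 arbitrary here, UID3 = SIS marker."""
    return struct.pack("<III", app_uid, 0, SIS_UID3_LEGACY) + b"\x00" * 20


# Constructed sample messages: two Beselo-style lures, two genuine media files, one honest installer.
SAMPLES: Dict[str, bytes] = {
    "beauty.jpg": legacy_sis(0x1000A001),
    "love.rm": legacy_sis(0x1000A002),
    "holiday.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "song.rm": REALMEDIA_MAGIC + b"\x00" * 28,
    "game.sis": struct.pack("<III", SIS_UID1_SYMBIAN9, 0, 0x1000A003) + b"\x00" * 20,
}


def scan(samples: Dict[str, bytes]) -> Dict[str, str]:
    return {name: classify(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:12s} {verdict}")
```

The point of the check is that the decision is made on the bytes, never on the name: the two lures are classified as installers and blocked even though nothing in their file names says so. Signature sniffing of this kind is a filter, not proof; a message whose content type cannot be identified still deserves the platform's normal "install this application?" prompt rather than silent acceptance.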
In this age of spreading malware, users must protect their devices against such viruses and Trojans.