February 9, 2014, updated 22 Sep 2016 2:23pm

5 viruses to be on the alert for in 2014

Could your computer already be infected?

By Duncan Macrae

Cybercrime causes a good share of cyber-security incidents. Symantec estimates that cybercrime victims worldwide lose around €290 billion each year, while a McAfee study put cybercrime profits at €750 billion a year.

It is estimated that there are more than 150,000 computer viruses in circulation every day and 148,000 computers compromised daily. Here are some of the viruses you should be particularly wary of this year.

CryptoLocker

This particularly nasty virus, first discovered in September 2013, is Trojan Horse ransomware that targets computers running Microsoft Windows. A CryptoLocker attack can come from various sources; one is disguised as a legitimate email attachment.

When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers.

The malware then displays a message offering to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline. It threatens to delete the private key if the deadline passes. If the deadline is not met, the malware will then offer to decrypt data via an online service provided by the malware’s operators, for a significantly higher price in Bitcoin.

Alureon or TDSS


Alureon (also known as TDSS) is a Trojan and bootkit designed to, amongst other things, steal data by intercepting a system’s network traffic and searching it for usernames, passwords and credit card data.

PCs usually get infected when users manually download and install Trojan software, and Alureon has been seen bundled with the rogue security software Security Essentials 2010. When the dropper is executed, it first hijacks the print spooler service (spoolsv.exe) to write a filesystem boot sector at the end of the disk and change the master boot record to execute this bootstrap routine. It then infects low-level system drivers, such as those responsible for PATA operations (atapi.sys), to implement its rootkit. It also manipulates the Windows Registry to block access to Windows Task Manager and the desktop, blocks access to Windows Update and attempts to disable some anti-virus products.
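A defender-side check for the boot-record tampering described above, as an added example that is not from the original article: it hashes the MBR boot code against a trusted baseline and reports the unpartitioned sectors at the end of the disk so they can be imaged and inspected. The function names, the baseline and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 440-445 hold the disk signature, not code
TABLE_OFFSET = 446    # four 16-byte partition entries start here


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status, type, starting LBA, sector count (CHS fields skipped)
        _status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"type": ptype, "lba_start": lba_start, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def audit_mbr(sector: bytes, baseline_sha256: str, disk_sectors: int) -> dict:
    """Compare boot code with a trusted baseline and locate space past the last partition."""
    info = parse_mbr(sector)
    last_used = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=1)
    trailing = (last_used, disk_sectors - 1) if last_used < disk_sectors else None
    return {
        "boot_code_modified": info["boot_code_sha256"] != baseline_sha256,
        "trailing_unpartitioned_lba": trailing,  # first and last LBA to inspect
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: one type-0x07 partition at LBA 2048, 1,000,000 sectors."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + entry + b"\x00" * 48
    return body + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0")     # constructed bytes
    changed = build_sample_mbr(b"\xeb\x10\x90")   # constructed, differs from baseline
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print(audit_mbr(clean, baseline, 1_004_096))
    print(audit_mbr(changed, baseline, 1_004_096))
```

Run it against a sector captured from an offline image or trusted boot media, since the rootkit described here sits in the low-level disk drivers of the running system. Trailing unpartitioned space is common on healthy disks, so treat it as a region to examine rather than a finding in itself.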


Zeus

This botnet toolkit creates malware and is mainly used to collect data and steal identities and bank information. Zeus is particularly difficult to deal with as it is not just one botnet – it can create others to steal any data stored on your computer.

It is primarily spread through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009.


Trojan:Win32/FakeSysdef

This is a Trojan Horse targeting the Microsoft Windows operating system that was first documented in late 2010. It was originally dispersed as an application called "HDD Defragmenter", hence the name "FakeSysdef" or "Fake System Defragmenter."

Win32/FakeSysdef manifests as one or more of an array of programmes that purport to scan your computer for hardware failures related to system memory, hard drives and system functionality as a whole. They scan the computer, show false hardware issues, and present a remedy to defrag the hard drives and fine-tune the system performance. They then request, from the user, a payment in order to download the repair update and to activate the program in order to repair these contrived hardware issues.


ZeroAccess

Also known as max++ and Sirefef, this is a rootkit responsible for a botnet that has spread across millions of Microsoft Windows systems since 2009. It is used to download other malware onto an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system using rootkit techniques. Machines involved in Bitcoin mining generate Bitcoins for their controller, while the machines used for click fraud simulate clicks on website advertisements paid for on a pay-per-click basis.

