Threat Analysis Series: Top Malware Review

We recently released a list of the most commonly searched-for threats on Metascan Online. This post will use the information on that page to further our threat research.

One of the difficulties we had in putting together a list of the most searched-for threats on Metascan Online was determining how to label the threats. Malware naming can often be different across anti-malware vendors and thus it can be difficult to compare results for a particular threat. In addition, a casual observer may not be able to gather additional information about the threat simply by looking at its name. To help make sense of the list of common threats we put together on Metascan Online, we went ahead and did the work for you. We looked at the top 10 threats and compiled additional details about them so they're easier to analyze and understand.



Threat Naming Standards



While there is no industry-wide standard for naming malware, most vendors build their names from the same components: the platform the malware is designed to run on, the type of malware it is categorized as, and the malware family it belongs to (often followed by a variant suffix). Here are a few examples, taken from the Upatre outbreak mentioned in a previous post:

TrojanDownloader:Win32/Upatre

TrojanDownloader.Upatre.r3

Trojan-Downloader.Win32.Upatre.eyl

If you want to see a few examples of the threat naming process for different anti-malware vendors, you can take a look at the resources below:

Threat naming conventions are usually specific to a particular anti-malware vendor (the exception being the CARO naming scheme, which was designed to be shared across vendors). Because of this variation, we made things simpler by showing each threat under a single, readable family name. The data is summarized from the collection of sources listed at the end of this post.

Top 10 Searched Threats This Week



In order to learn more about the top searched threats this week, we selected a few threat names from the engines that detected each file and then searched for those names in documented collections from anti-malware companies, blog posts, and similar sources. From there, we went through the information to understand the threat descriptions and behavior, and from that determined each threat's type and severity. Links to the references we used are provided at the end of this post.

| SHA256 | Threat Name | Type* | Severity* | Detection (out of 43 Engines) | Action Performed |
|---|---|---|---|---|---|
| A84E4FAFFBFC886AE15E49CF4F38B21BC8F2354EF573B78FA0090E596B64981C | Blacole | Trojan | Severe | 24 | Trojan that exploits a vulnerability in the Java Runtime Environment. Intended to steal information from the computer (passwords, email, online accounts). |
| 4BE24A10114ABCBB48060354BC4A989F40E6AF67FD4663B3836CB4F557FF2703 | Madang | Virus | Severe | 16 | Windows virus that infects .exe and .scr files. |
| 89E27DB4337FD500095AFA78A60FA9C794D44B99E270E0620606F617D1EB6378 | DomalQ | PUP | Medium | 31 | Windows PUP (adware) that installs software, displays pop-ups, etc. |
| B7B2229140124DA77DB2A76CBD936CBD0AD9F96B159298B5037FC6C9A90841CF | InstallRex | PUP | Medium | 28 | PUP that contains adware and installs toolbars. |
| 3C85BF3A590AB4D7DAB0975C8954E63AA3352CFEEFFF2CAA41A1EF4D438E4544 | InstallCore | PUP | Medium | 17 | Software that installs additional unwanted software (such as advertisements, toolbars, etc.). |
| 9329CE85946F4767BD79876C68E54FDAD031AD7ADD64DADE71F8E9E49EF11424 | Blacole | Trojan | Severe | 21 | Trojan that attempts to infect the PC with other Trojans and viruses. |
| E8ADA92EE32A1754FD9EEA920A6D192D5811FAFB6C3F239C484AB9FB80582512 | Ramnit | Virus | Low | 38 | Virus that downloads other malware. Creates a backdoor. |
| E5AC415C65B8ED457F978325818402345DA3031BA04778D222C634FC5FBE652E | Vobfus | Trojan | Severe | 36 | Trojan that infects files downloaded from the internet. This can also be considered worm-like behavior. |
| 87B1F4E69E239FB15B5F4EE42C8417C1FAC87A69DAE43E48DF807EB7D432E88D | Expiro | Virus | Severe | 32 | Virus that infects files. It can allow an attacker to access the PC and steal stored user names and passwords. |
| 96D28209CB3A8AB704BF37AF4816F260D1042450A607D8BC4F2A3172124468D4 | Online Game | Password Stealer | Severe | 34 | Steals passwords. |
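Comparing the names that different engines report for one file, as described in the naming section above and as done to pick the single "Threat Name" and "Detection" count per row in the table, is easier once each vendor name is split into its type, platform, family and variant components. The following Python is an added example written for this post; it is not Metascan Online's code. The platform and type token sets are a small assumed starter list, the engine names in SAMPLE_RESULTS are constructed, and the three Upatre names are the ones quoted above.

```python
"""Normalize vendor-specific malware names so multi-engine results can be compared.

Added example for this post, not Metascan Online's own code. PLATFORMS and TYPES
are assumed starter sets; extend them for the engines you actually use.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional

# Tokens vendors commonly use for the target platform (assumed starter set).
PLATFORMS = {"win32", "w32", "win64", "w64", "msil", "android", "linux", "osx",
             "js", "vbs", "html", "pdf", "java"}

# Category tokens. Matching is done on the lower-cased token with hyphens removed,
# so "Trojan-Downloader" and "TrojanDownloader" both match (assumed starter set).
TYPES = {"trojandownloader", "trojandropper", "trojanspy", "trojan", "worm",
         "virus", "backdoor", "adware", "pup", "pua", "pws", "exploit",
         "downloader", "dropper", "rootkit"}


@dataclass
class ThreatName:
    raw: str
    category: Optional[str] = None   # malware type, e.g. "trojandownloader"
    platform: Optional[str] = None   # e.g. "win32"
    family: Optional[str] = None     # e.g. "upatre" (lower-cased for comparison)
    variant: Optional[str] = None    # whatever follows the family, e.g. "eyl"


def parse_threat_name(name: str) -> ThreatName:
    """Split a vendor detection name into type / platform / family / variant.

    Vendors separate components with ':', '/', '.', '!' or '@'. Recognised
    platform and type tokens are consumed first; the first token that is
    neither is taken as the family and everything after it as the variant.
    """
    result = ThreatName(raw=name)
    tokens = [t for t in re.split(r"[:/.!@]", name) if t]
    for token in tokens:
        key = token.lower().replace("-", "")
        if result.family is None and key in PLATFORMS:
            result.platform = key
        elif result.family is None and key in TYPES:
            # Some vendors chain two category words (e.g. "Trojan.Downloader").
            result.category = key if result.category is None else f"{result.category}.{key}"
        elif result.family is None:
            result.family = key
        else:
            result.variant = token if result.variant is None else f"{result.variant}.{token}"
    return result


def summarize(detections: Dict[str, str]) -> dict:
    """Given {engine: detection name, or "" if the engine reported clean},
    return the detection count and the family most engines agree on."""
    families: Counter = Counter()
    detected = 0
    for name in detections.values():
        if not name:
            continue
        detected += 1
        parsed = parse_threat_name(name)
        if parsed.family:
            families[parsed.family] += 1
    top_family, top_count = families.most_common(1)[0] if families else (None, 0)
    return {
        "detected": detected,
        "total": len(detections),
        "top_family": top_family,
        "top_family_count": top_count,
        "families": dict(families),
    }


# Constructed multi-engine result for one Upatre sample. Engine names are made up;
# the first three detection strings are the ones quoted in the post.
SAMPLE_RESULTS = {
    "EngineA": "TrojanDownloader:Win32/Upatre",
    "EngineB": "TrojanDownloader.Upatre.r3",
    "EngineC": "Trojan-Downloader.Win32.Upatre.eyl",
    "EngineD": "Win32/Upatre.A!dll",
    "EngineE": "Trojan.Generic.12345",   # a generic name that should not win the vote
    "EngineF": "",                       # this engine reported the file clean
}

if __name__ == "__main__":
    for engine, name in SAMPLE_RESULTS.items():
        print(f"{engine:8} {parse_threat_name(name) if name else 'clean'}")
    print(summarize(SAMPLE_RESULTS))
```

Running the script on the constructed sample reports 5 of 6 engines detecting the file and "upatre" as the consensus family (4 of the 5 names), with the generic name counted separately rather than diluting the family vote. Keep the raw name alongside the normalized fields; the family is what you compare across engines, but the raw string is what you search for in vendor write-ups.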

Key Takeaways:



Viruses, Trojans, and PUPs (potentially unwanted programs) are the most prevalent categories in this list. In the case of PUPs, this shows how widespread the category is on users' systems today, even though it is not malware in the strict sense.

Although only one Password Stealer made the top 10, the impact of a possible infection is still labeled as Severe.

The majority of threats fall into the Severe category. The fact that most of these hashes come from files that still exist on users' systems today demonstrates how widespread these particular threats are.

Although not shown in this table, all 10 threats were first uploaded to Metascan Online over a year ago. Even after so much time has passed, these threats are still turning up in files scanned today. This demonstrates that even old threats can remain dangerous.

To check out more of the most-searched for threats on Metascan Online, visit the new statistics page.

This is the first post in an ongoing series covering the types of threats that we show in our list of most searched-for threats on Metascan Online. Check back for additional posts, or subscribe to our blog so that you won't miss upcoming research!

References:



1. Microsoft resource on Blacole Trojan

2. McAfee resource on Blacole Trojan

3. Malware Tips resource on Blacole Trojan

4. Microsoft resource on Madang Virus

5. ESET resource on Madang Virus

6. Microsoft resource on DomalQ PUP

7. Malware Tips resource on DomalQ PUP

8. Avira resource on DomalQ PUP

9. Sophos resource on InstallRex PUP

10. Malware Tips resource on InstallRex PUP

11. Sophos resource on InstallCore PUP

12. AVG resource on InstallCore PUP

13. AVG resource on InstallCore PUP

14. Microsoft resource on Blacole Trojan

15. F-Secure resource on Blacole Trojan

16. McAfee resource on Ramnit Virus

17. Microsoft resource on Ramnit Virus

18. Panda Security resource on Ramnit Virus

19. Microsoft resource on Vobfus Trojan

20. Lavasoft resource on Vobfus Trojan

21. Microsoft resource on Vobfus Trojan

22. Sophos resource on Expiro Virus

23. Microsoft resource on Expiro Virus

24. Microsoft resource on OnlineGame

Our second post in this series, Threat Analysis Series: Top Malware Review (Part II), is now available. Find out what the most recent top threats are!