Multifunctional worm is cybercriminals' weapon of choice in January

11 Feb 2011
Virus News

The emergence of Email-Worm.Win32.Hlux dominated the malware landscape in January according to Kaspersky Lab, who has just announced the publication of its latest Monthly Malware Statistics.

This new worm spreads via emails containing malicious links that prompt users to install a fake Flash Player, purportedly to view an e-card. The link leads to a dialogue window that asks if the user agrees to download a file. Regardless of the response, the worm attempts to penetrate the system. In addition to propagating via email, Hlux has bot functionality and adds infected computers to a botnet before connecting to its command centre and executing its commands, which are primarily directed at sending pharmaceutical spam.

Another worrying trend in January was the growth in popularity of exploiting an online service or product. In January, a web page was detected that offered users the chance to install an updated version of Microsoft Internet Explorer and to activate it by sending an SMS to a premium-rate number.

The report also highlights how Kaspersky Lab detected a Trojan dropper masquerading as a key generator for the company's products. This program typically works by launching two malicious programs. One of them steals program registration data and passwords for online games. The second is backdoor software that also has keylogger functionality.

In January, Kaspersky Lab experts witnessed the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

"The majority of malware will attempt to conceal its presence on users' computers and function without the users' knowledge, especially the more sophisticated types. Cyber fraud, however, requires the participation of users. To prevent users falling victim to the various scams out there, it's very important that they know about them," warns Vyacheslav Zakorzhevsky, the author of the report.

For a complete version of Kaspersky Lab's January malware report, please visit www.securelist.com