Kaspersky announced the publication of the monthly malware statistics for September 2010. In addition to the arrest of members of criminal groups have recently associated with Zeus botnets, new malicious programs are still emerging and supported its spread. Zeus has become one of the spy program most used and best selling on the black market online mainly because of the ease in the family of Zeus Trojan that can be configured to steal data online.
Virus.Win32.Murofet detected in early October to produce a domain name which is then used to distribute Zeus botnets. Links to download and mengesekusi Zeus files generated by using the date and time on the victim's computer. The virus is obtain year, month, day and minute of the system, producing two double words, adding one of several zones of the popular domain, add "/ forum" to the end of the string and use it as a link.
"This malware shows how creative and excited Zeus developers in their creation spread around the world," said Vyacheslav Zakorzhevsky, Senior Virus Analyst at Kaspersky Lab and author of this report preformance Kompas.com press release received last weekend.
Trickery
Another trend seen in October of sustained growth in the popularity of fake archiving program. These programs usually disguise themselves as freeware or tools to remove license protection of legitimate software. Once users run the archiving program fakes, they are asked to send SMS to premium numbers so that they can access the file contents. In most cases, after a message is sent, the user receives instructions on how to use the torrent tracker and / or link to it.
"There are various scenarios hoax, but the result is always the same," said Vyacheslav Zakorzhevsky. "The victim will eventually spend the money and do not get the files they want. This type of fraud is relatively new and only revealed a few months ago. Since then, it has attracted the interest of cyber criminals." More than one million experimental infection has been detected by Kaspersky Lab each month since July 2010.
The experts at Kaspersky Lab warns users again to be more careful when surfing the Internet and refrain from visiting the web resource that looks suspicious. Trojan.JS.FakeUpdate.bp, a script from FakeUpdate family that usually appear on porn sites are at the top. When users click on a video clip, a popup window appears and informs the new media player must be installed to be able to view the testimonial. Player also contains a Trojan that modifies the file 'hosts'.
Trojan is associated with a number of popular sites with the local IP address and install a local web server on the infected computer. After this, every time a user tries to access to one site, a page will appear in the browser to ask users to pay for adult content being viewed. by: kompas.com
