Heimdal™'s threat journal is back with the May edition. As you might have expected, King Trojan reigns unhindered with over 16,000 positive detections. There are a few newcomers out there, some of which might even give our uncrowned king a run for his money. Stay tuned for more information and goodies. Enjoy!
Top Malware Detections: 1st May – 27th May
Throughout the month of May, Heimdal™'s SOC team identified 16 Trojan variants, with a total of 16,738 positive detections – a 55.19% decrease compared to April, when a historic high of 25,976 positive detections was recorded. In terms of distribution, there are 11 new entries and 20 returning ones. TR/Rozena.jrrvz racked up the highest number of positive detections (2,675), followed by TR/CoinMiner.uwtyu with 2,316 and EXP/MS04-028.JPEG.A with 2,280. Here is the complete list of May detections.
| Malware name | Positive detections |
|---|---|
| TR/Rozena.jrrvz | 2675 |
| TR/CoinMiner.uwtyu | 2316 |
| EXP/MS04-028.JPEG.A | 2280 |
| TR/Rozena.rfuus | 1635 |
| TR/Trash.Zen | 1600 |
| TR/Patched.Zen | 1439 |
| TR/AD.GoCloudnet.kabtg | 1398 |
| EXP/CVE-2010-2568.A | 969 |
| TR/Downloader.Gen | 958 |
| TR/CoinMiner.wmstw | 919 |
| TR/PSInject.G1 | 916 |
| VBS/Dldr.Agent.VPET | 801 |
| W32/Run.Ramnit.C | 778 |
| TR/Dropper.Jenner | 754 |
| ACAD/Bursted.AN | 698 |
| TR/Crypt.XPACK.Gen | 667 |
| TR/AD.Swotter.lckuu | 512 |
| W32/Floxif.hdc | 437 |
| ADWARE/ANDR.Bomp.FJAM.Gen | 383 |
| ACAD/Burste.K | 308 |
| TR/Crypt.XPACK.Gen2 | 295 |
| TR/dropper.Gen5 | 269 |
| W32/Chir.B | 265 |
| WORM/Brontok.C | 224 |
| W32/Sality.Y | 214 |
| Adware/jspounder.g | 199 |
| W32/can | 199 |
| TR/AD.Swotter.fgqir | 195 |
| TR/Dropper.tfflr | 190 |
| EXP/PyShellCode.G | 182 |
Top 10 Malware Details
Let's take a closer look at the new entries.
TR/Trash.Zen
TR/Trash.Gen is a Trojan-type malware that is usually contracted by visiting unsafe pornographic websites. Trash.Gen can install backdoors, increase CPU usage, and install adware.
TR/PSInject.G1
PSInject.G1 is a PowerShell script-carrying Trojan that calls multiple cmdlets such as New-Object, Out-Null, Test-Path, Where-Object, Write-Output, and Write-Verbose.
VBS/Dldr.Agent.VPET
Dldr.Agent.VPET is a Trojan downloader. It is used to inject and execute malicious VBS scripts on host machines.
TR/AD.Swotter.lckuu
An adware-carrying Trojan used to collect host and network data from infected machines.
ACAD/Burste.K
A 'Trojanized' virus that infects AutoCAD .lsp files. After infection, the virus waits for user input to load the files.
TR/dropper.Gen5
A Trojan dropper used to install backdoors, deliver additional malware, or listen in on victims.
WORM/Brontok.C
The .C variant of the Brontok worm. This malware is distributed via email. Once inside the machine, it creates a new Windows registry entry, disables regedit.exe and changes several Windows Explorer settings.
W32/Sality.Y
The .Y variant of the Sality virus is used to install backdoors or to connect the victim's computer to a botnet.
Adware/jspounder.g
Adware-type malware that may display malicious popups or ads on affected machines.
Additional cybersecurity tips and parting thoughts
This marks the end of the May issue of Heimdal™'s security threat journal. Before I go, I'll share a few tips on how you can increase your security.
- Scanning frequency. No device-scanning policy? Now would be a good time to create one.
- Improved AV protection. Some types of malware do not show up in regular AV scans. If so, I'd encourage you to give Heimdal™'s Next-Gen AV and MDM solution a try: it combines top-level detection rates, brute-force detection, additional security features, and more.
- Phishing. Most malware is delivered via email. So, if it seems suspicious, it is probably dangerous and should not be opened.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube and Instagram for more cybersecurity news and topics.