Trend Micro recently discovered a new malware family, classified as PE_VIRLOCK and designed as a combination of two different types of malicious code. The first type belongs to a past when we still talked about computer “viruses” rather than cyber-crime, while the second is one of the most successful malware-based businesses of recent years. VIRLOCK is ransomware capable of spreading through file-virus techniques, and the worst part is that its evolution isn’t complete yet.
In an age where malicious code has turned into cyber-crime and ransomware demands large sums of money to unlock access to users’ files, a particular class of malware with ancient origins is still able to survive, even though it is forced to serve the needs of the aforementioned crime. The class I am talking about is the virus, or file virus, a type of digital pathogen that raged in the MS-DOS era and then began to slowly wane when Windows appeared and Internet worms brought their worldwide epidemics.
The CryptoLocker ransomware is still raging on-line and on users’ and companies’ computers, while new details about how this dangerous file-abducting trojan propagates come out and volunteer developers try to hinder the spread of the infection. The criminal gang that created the malware even comes up with new ways to take money from users affected by the threat, even though in doing so it is forced to contradict itself.
Trend Micro, a Tokyo-based security enterprise with over 4,000 employees in more than 30 countries, has recently asked the experts from TrendLabs (its global research organization) to make an updated list of the worst computer plagues ever. The resulting list includes 5 noteworthy examples of widespread infections which represented, during their respective period of wider circulation, the most dangerous security threats users and companies could have faced.
File viruses are only a small part of today’s diversified malicious-code landscape, and yet these ancient malware families, designed to infect legitimate software by parasitizing its executable routines, continue every now and then to hit the headlines with news worth attention. The latest two examples of this remarkable endurance affect an old but still popular development environment and the best-known of the CAD (Computer Aided Design) programs.
More than a week after the 1st of April, the day when, according to the press, the Internet was to stand still because the Conficker/Downup/Downadup/Kido worm could have destroyed the net, critical infrastructures, civilized mankind and the entire planet, things are going more or less as usual: the Internet remains a dangerous place, but it hasn’t exploded like a supernova, and bits are flowing quickly from one part of the planet to another. The true novelty is that the botnet built up by one of the most complex pieces of malware ever finally shows what its true purpose is.
As previously highlighted, traditional viruses, the ones nowadays generally defined as “file viruses”, which target executable programs, parasitizing and exploiting them as a medium for their own propagation, have not vanished at all, even though they have been reduced to a marginal component of the crowded zoo of beasties making up modern malware. Confirming this, after the Sality case, new parasitic virus families have in recent days caught the attention of experts and security firms.
The Conficker worm, also known as Downup, Downadup or Kido, has been floating around since October 2008. Security firms know it pretty well, and in recent days the malware has become just as well known to users, having infected a significant number of machines all over the world. We have returned to the “good” old times of the Sasser, Blaster and Mydoom outbreaks, and the already worrisome proliferation of the worm threatens to get even worse because of conditions that increasingly favor its spread.
The security enterprise Trend Micro has ranked the attack vectors exploited by the 100 most widespread malware from January to November 2008, and the results speak for themselves: among all possible infection vectors, the Internet is by far the most used (or rather abused) one by worms, trojans and other types of digital pathogens constantly hunting for victims and unprotected systems to compromise.
A dangerous malware breed skilled in cryptographic techniques is coming back under the spotlight. Trend Micro has spotted in the wild a new Gpcode variant, the trojan that since 2005 has let everybody know the meaning of the word ransomware, that is, a type of malware expressly designed to encrypt the user’s data files and then demand a money ransom to restore them.