AhnLab announces top 7 security issues of the 3rd quarter

Seoul--(Newswire)--AhnLab (CEO Hongsun Kim, www.ahnlab.com), a global integrated security service provider, recently announced the top 7 security issues of the 3rd quarter of the year in its ‘ASEC (AhnLab Security Emergency Response Center) Report.’

According to the report, 16,768 new malicious codes and spyware programs were discovered through the 3rd quarter of this year, a 2.6-fold increase over the same period of the previous year (Tables 1 and 2). This sudden upsurge is attributed to the ease of producing malicious code and to the continued development and sharing of tools that use it for automated attacks.

The issues on the top 7 list are ♦ the rampancy of foreign fake vaccines ♦ the upsurge of foreign spyware ♦ intelligent attacks on websites ♦ increasing malicious codes taking advantage of vulnerabilities in PDF, DOC and PPT files ♦ increased activity of botnets triggering DDoS attacks ♦ the first report of DNS cache poisoning attack code ♦ continued casualties due to traditional viruses.

1) Foreign fake vaccines are rampant
‘Fake vaccines’ (in Korean usage, a ‘vaccine’ is an antivirus program) are running amok. They are installed under the guise of an antivirus product and then send spam mail or install other malicious codes. Foreign fake vaccines had been discovered in dribs and drabs since earlier this year, and their number rose sharply in the 3rd quarter: 25 were discovered in the first half and 75 in the 3rd quarter alone, for a total of 100. They carry names such as AntivirusXP 2008, AntivirusXP 2009, VistaAntivirus 2008, WinXSecurityCenter and XPProtector2009 to pass as legitimate antivirus software. Users need to be extra careful.

These fake vaccines rely on malicious code and fake codec programs to display false security warning windows or pop-ups and to issue a false diagnosis that malicious code has been detected, inducing users to install the phony product. Because they are installed through irregular paths they are hard to diagnose, and users are very likely to be reinfected by other malicious codes even after deletion.

The most damage was done by AntivirusXP2008 (V3 name: Win-Trojan/Fakeav.variant). Because this malware blocks access to itself to prevent detection and removal by antivirus software, some products cannot even diagnose it, or detect it but offer no cure. AhnLab is offering a dedicated removal tool that detects and deletes AntivirusXP2008 and the other malicious codes that cause reinfection by it (http://kr.ahnlab.com/info/download/dwVaccineList.ahn).

2) Upsurge of foreign spyware
The number of spyware programs made and distributed in Korea has been declining, while foreign spyware is rising rapidly. In January, domestic spyware accounted for 60% of the total; it dwindled steadily, dropping to 11% in September. The decline of domestic spyware seems attributable to the crackdown on local spyware makers in the first half of this year, and to the classification, since the end of 2007, of anything installed via ActiveX without the user's consent as spyware.

However, many domestic programs that are not classified as spyware are still considered harmful. Because many reward and toolbar programs are installed with the user's consent they are not classified as spyware, yet they contain functions likely to invade the user's privacy.

Foreign spyware enters Korea through adult sites and spam mail, causing much harm. Some of it induces users to install fake video codecs; once installed, several fake vaccines and anti-spyware programs are installed without the user's consent. Others are installed disguised as cracked versions of commercial programs, or through vulnerabilities in application programs. Systems infected with this spyware may in turn harm other users by sending spam mail in large quantities.

3) Intelligent attacks on websites
Website attacks originating from China, which began in earnest earlier this year, continued into the 3rd quarter. Websites are hacked to distribute malicious code or used as gateways to it. The number reached 2,876 in the 3rd quarter, surpassing the 2,183 recorded for the entire year of 2007. Also, according to ‘AhnLab SiteGuard (www.siteguard.co.kr),’ a free service that blocks dangerous sites, 12,236 websites were flagged as dangerous as of October 9.

Meanwhile, website attack methods are diversifying as new vulnerabilities are discovered, and attacks are becoming intelligent enough to bypass detection systems. Many new attacks use SQL injection and exploit newly disclosed vulnerabilities, such as those in Adobe Flash Player and the Microsoft Access Snapshot Viewer ActiveX control.

4) Malicious codes taking advantage of vulnerabilities in PDF, DOC and PPT files are on the increase
Recently reported vulnerabilities are mostly found in popular document applications (readers for PDF, DOC, PPT and HWP files) rather than in services and operating systems. Malicious files that exploit vulnerabilities in otherwise normal file formats keep springing up like mushrooms. In August, PDF files abusing vulnerabilities in Adobe Reader, HWP files abusing some functions of HWP 2007, and Office files abusing vulnerabilities in MS Word and PowerPoint were reported. Opening these files installs fake vaccines or leads to ARP spoofing attacks. Be on the lookout, as these malicious files are distributed through websites and email.

5) Increased activity of botnets triggering DDoS attacks
The activity of botnets used for DDoS (distributed denial of service) attacks or for sending spam mail keeps increasing. A botnet is a network of many computers infected with a malicious code called a bot. Computers with bots installed are controlled by the attacker, who uses them for DDoS attacks that shut down servers and for crimes such as extortion and sending spam mail in bulk.

6) DNS cache poisoning attack code is reported for the first time
The January 25, 2003 Internet outage in Korea (the ‘1.25 Internet chaos’) engraved the importance of DNS servers on our minds. Last July a DNS cache poisoning vulnerability, likely to be as widespread in its impact as the 1.25 incident, was disclosed together with its attack code. A DNS cache poisoning attack inserts false records into a DNS server's cache. A single successful attack can affect every PC that relies on that server: personal information may be intercepted, or users may be redirected to sites that distribute malicious code. A thorough defense against this attack is needed.
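To make the race concrete, the following is an added simulation written for this page, not AhnLab code. It models a recursive resolver that caches answers and an attacker who races the legitimate authoritative server with forged replies for names under a victim zone, each reply carrying an extra record for the name the attacker really wants to overwrite (the technique disclosed in July 2008). The zone, addresses, fixed source port and attacker strategy are all assumptions for the simulation. It shows why a resolver that only checks the 16-bit transaction ID is poisoned on the first attempt, why checking that extra records stay inside the queried zone (the ‘bailiwick’ check) alone does not stop it, and why the fix that shipped in July 2008, randomizing the source port of every outgoing query, makes the guess space about 65,000 times larger.

```python
"""Constructed DNS cache-poisoning race (example for this page, not vendor code)."""
import random
from dataclasses import dataclass, field

ZONE = "bank.example"        # assumed victim zone
TARGET = "www." + ZONE       # record the attacker wants to overwrite
GOOD_IP = "192.0.2.10"       # assumed legitimate address
EVIL_IP = "198.51.100.66"    # assumed attacker-controlled address
FIXED_PORT = 53              # assumption: the weak resolver always queries from one port


@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    answers: dict                                    # name -> ip for the question
    additional: dict = field(default_factory=dict)   # "glue" records riding along


class Resolver:
    """Toy recursive resolver: accepts a reply only if it matches a pending query."""

    def __init__(self, random_port, bailiwick_check, seed=1):
        self.random_port = random_port
        self.bailiwick_check = bailiwick_check
        self.rng = random.Random(seed)
        self.cache = {}
        self.pending = {}          # txid -> (qname, source port used for the query)

    def send_query(self, qname):
        txid = self.rng.randrange(1 << 16)
        port = self.rng.randrange(1024, 1 << 16) if self.random_port else FIXED_PORT
        self.pending[txid] = (qname, port)
        return txid, port

    @staticmethod
    def in_bailiwick(name, qname):
        zone = qname.split(".", 1)[1]            # parent of the queried label
        return name == zone or name.endswith("." + zone)

    def receive(self, resp):
        """Return True if the reply was accepted and cached."""
        pend = self.pending.get(resp.txid)
        if pend is None or pend != (resp.qname, resp.dst_port):
            return False                         # txid, question or port mismatch: drop
        del self.pending[resp.txid]              # first matching reply wins
        self.cache.update(resp.answers)
        for name, ip in resp.additional.items():
            if self.bailiwick_check and not self.in_bailiwick(name, resp.qname):
                continue                         # refuse records for other zones
            self.cache[name] = ip
        return True


def kaminsky_race(resolver, queries):
    """Attacker forces lookups of names that are not cached yet and floods each with
    65,536 forged replies, one per transaction id. The destination port is the one the
    attacker observed when the resolver queried the attacker's own name server.
    Returns the query number on which poisoning succeeded, or None."""
    _, observed_port = resolver.send_query("probe.attacker.example")  # leaks the port
    for i in range(1, queries + 1):
        qname = f"rnd{i}.{ZONE}"
        real_txid, real_port = resolver.send_query(qname)   # invisible to the attacker
        for txid in range(1 << 16):
            forged = Response(txid, observed_port, qname,
                              {qname: EVIL_IP}, additional={TARGET: EVIL_IP})
            if resolver.receive(forged):
                break
        # the real server answers last and is dropped if the race was already lost
        resolver.receive(Response(real_txid, real_port, qname, {qname: GOOD_IP}))
        if resolver.cache.get(TARGET) == EVIL_IP:
            return i
    return None


def out_of_zone_glue(bailiwick_check):
    """A reply that matches txid and port (given here to isolate the check) tries to
    plant a record for a name outside the queried zone. Returns what got cached."""
    r = Resolver(random_port=True, bailiwick_check=bailiwick_check)
    txid, port = r.send_query(TARGET)
    r.receive(Response(txid, port, TARGET, {TARGET: GOOD_IP},
                       additional={"www.other.example": EVIL_IP}))
    return r.cache.get("www.other.example")


if __name__ == "__main__":
    weak = Resolver(random_port=False, bailiwick_check=False)
    print("fixed port, no bailiwick check:", kaminsky_race(weak, 2), weak.cache.get(TARGET))
    mid = Resolver(random_port=False, bailiwick_check=True)
    print("fixed port, bailiwick check:", kaminsky_race(mid, 2), mid.cache.get(TARGET))
    strong = Resolver(random_port=True, bailiwick_check=True)
    print("random port, bailiwick check:", kaminsky_race(strong, 2), strong.cache.get(TARGET))
    print("out-of-zone glue, check off/on:", out_of_zone_glue(False), out_of_zone_glue(True))
```

With the port fixed the attacker needs at most 65,536 packets per forced lookup and wins on the first one; with a randomized port the observed port is stale for every later query and the same flood never matches, which is what the July 2008 resolver patches rely on. Note that port randomization only raises the cost of the race rather than removing it, so a practitioner should also confirm that the resolver is not behind a NAT device that rewrites source ports back into a predictable sequence.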

7) Continued virus casualties
While malicious files exploiting vulnerabilities and malicious codes stealing online game accounts are still rampant, traditional file viruses infecting executable files continue to cause much harm. In particular, variants of the Win32/Kashu.B virus continued to multiply. If memory is not disinfected as well, the virus reinfects the system, which makes it difficult to detect and remove. Like the CIH virus that created havoc across the country on April 26, 1999, the Win32/Huhk.C virus writes itself into empty space within a file, so the file size does not increase after infection.

Meanwhile, in August, malicious codes exploiting the Beijing Olympic ‘boom’ became an issue abroad, notably in China. These programs installed malicious code while showing a slide show of the Olympic stadium, or executed malicious code or led users to malicious sites under the pretext of discussing social issues in China.

Mr. Sihaeng Cho of the AhnLab Security Emergency Response Center said with emphasis: “Malicious codes use many intelligent methods to disguise themselves. This year’s method is disguise as a vaccine. To protect information from security threats that are becoming more intelligent day after day, people from every nook and corner of society, including individual and corporate users, Internet service providers, security service providers and the Government, must make efforts. In particular, the role of professional security service providers equipped with technical know-how and an emergency response system is becoming more important.”

Website: http://www.ahnlab.com

Contact

BC Lee, PR Specialist, Communication Team. Tel. +82-2-2186-7955, Mobile +82-10-6430-8716