10 malicious programs in 2010





Tenth place. SMS-service

At the last place ranking top 10 "Doctor Web" have settled psevdouslugi. Often attackers offer users a small amount of interesting and it is often illegal content. Payment for such "information" - typically an SMS-message cost several tens of hryvnia. At the same time as the "goods" can offer the most fantastic things - from private information on users of social networking content to the secret archives of the security services. The quality of these services is often questionable. Moreover, often the promise is commonplace bluff - the attackers simply give nothing in return sent money, the company stressed. Links to sites that use this scheme of fraud, usually distributed through advertising banner networks through sites with free content.

Ninth place. False archives

In ninth place in the list - false archives (Trojan.SMSSend). Cybercriminals create a fake torrent trackers or fake file storage, from which supposedly can download popular content (music, movies, e-books). As a result, these resources appear in the first lines of popular queries in search engines. Taking advantage of this resource, the victim of fraud thinks that downloads the file with him interesting information. In fact, "archive" is an executable file that looks very much like a self-extracting archive. Unlike such records from this it is that in the process of "unpacking" at some point the user displays information that for closure unpacking pay a certain sum of money. In fact, the user is deceived twice - sends money attackers and did not get any useful information. The archives do not contain anything other than a graphical environment and waste, and their size (apparently to lull the vigilance of users) can reach 70 MB or more, said "Doctor Web».

Eighth place. Blockers download

Eighth place in the ranking went to boot blockers (Trojan.MBRlock). According to the company, in November 2010, there were spread blocker which is prescribed when the infection into the loading area of ​​the hard disk, thereby blocking the loading of the operating system. When you turn on the computer to the user's screen displays information to the requirements of intruders.

Seventh place. Blockers ICQ

In turn, the seventh occupy blockers launch IM-clients (Trojan.IMLock). For several months in 2010 cybercriminals spreading malware, which blocked entry of popular instant messaging client. Under attack proved users ICQ, QIP and Skype. Instead of a blocked IM-client window is displayed similar to the interface is disabled by, stating that the restoration of access to the relevant service needs to send a paid SMS-message.

Sixth place. False antivirus

Rogue AVs (Trojan.Fakealert) located on the sixth place of the list. Outwardly, they look like the popular anti-virus software, and often their design is reminiscent of several anti-virus products. But nothing in common with these malicious antivirus programs do not have. Once installed in the system, such "anti-virus" immediately reported that the system is supposedly infected (partly true), and for the treatment of the alleged need to purchase the paid version of the antivirus program.

Fifth place. Fake sites

On the fifth line rating of "Doctor Web" - redirectors to malicious sites (Trojan.Hosts). According to the company, these malicious programs are created by hackers to change the system hosts file so that when you try to visit the popular site (for example, one of the most popular social networks) to the Internet browser displays a fake site with a design similar to the original. At the same time with full access for the user will be required money that can leave attackers.

Fourth place. Local sites

Redirectors to a local web server (Trojan.HttpBlock) got on the fourth line rating. Unlike Trojan.Hosts, these malicious programs after infection, redirect the user to a page that generates a locally installed on the Web server computer. In this case, the attackers facilitate his task of finding host that does not remove the malware from their website addresses to the user's computer infection victim.

Third place. Encrypting

The top three ranking includes data coders (Trojan.Encoder). According to the "Doctor Web" in 2010, a host of new modifications of Trojans, cryptographers, the purpose of which is user documents. After the Trojan encrypts documents, displays information that is necessary for deciphering the attackers to send money.

Second place. Lock Windows

The second row is occupied dozens blockers Windows (Trojan.Winlock), which hold the tension of users and experts antivirus companies since the autumn of 2009. By the Windows blockers include malicious software that displays a window (blocking other windows) with the requirements of the intruders. Thus, the user is deprived of the opportunity to work at the computer until you pay for the unlock. During the outgoing year specialists of "Doctor Web" fixed several peaks spread "Winlock" but the active dissemination of new modifications of malicious software continues today.

First place. Banking viruses

Finally, the first "hit parade" of the company "Doctor Web" has got banking Trojans (Trojan.PWS.Ibank, Trojan.PWS.Banker, Trojan.PWS.Multi). This category of malicious programs are those that are focused on obtaining unauthorized access to the accounts of malicious individuals and legal entities through e-banking systems. According to the company, the latter is now rapidly gaining popularity, and criminals seeking to take advantage of this popularity. "Perhaps in 2011 we will witness the displacement areas of interest of Internet fraud with private users for legal entities, which account for a much more focused considerable sums of money", - the report says, "Doctor Web».

Other notable events of 2010 - the first appearance of the 64-bit rootkit family BackDoor.Tdss, which, according to the "Doctor Web" infect 64-bit Windows OS via bootkit components. Using bootkits in multicomponent malware is becoming more extensive form. In addition, the continued increase of malware for Android and other mobile systems.