We recently released a list of the most commonly searched-for threats on Metascan Online. This post will use the information on that page to further our threat research.

One of the difficulties we had in putting together a list of the most searched-for threats on Metascan Online was determining how to label the threats. Malware names often differ across anti-malware vendors, which makes it difficult to compare results for a particular threat. In addition, a casual observer may not be able to gather additional information about the threat simply by looking at its name. To help make sense of the list of common threats we put together on Metascan Online, we went ahead and did the work for you. We looked at the top 10 threats and compiled additional details about them so they're easier to analyze and understand.
Threat Naming Standards
While there is no standard naming convention for malware in the industry, there are some generally used naming elements across vendors, such as the platform the malware is designed to run on, the type of malware it is categorized as, and the malware family it belongs to. Here are a few examples, taken from the Upatre outbreak mentioned in a previous post:
- TrojanDownloader:Win32/Upatre
- TrojanDownloader.Upatre.r3
- Trojan-Downloader.Win32.Upatre.eyl
If you want to see a few examples of the threat naming process for different anti-malware vendors, you can take a look at the resources below:
- http://www.caro.org/articles/naming.html
- http://www.microsoft.com/security/portal/mmpc/shared/malwarenaming.aspx
- https://support.avira.com/hc/en-us
Threat naming conventions are usually specific to a particular anti-malware vendor (with the exception of CARO, which takes a more holistic approach). Because of this variation, we went ahead and made things simpler by providing a more readable way of showing the threats. The data is summarized using a collection of sources listed at the end of this post.
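To show how the type / platform / family / variant elements described above can be pulled out of the three differently formatted Upatre labels, and how a multi-engine result can then be reduced to one family name, here is an added example. It is not OPSWAT's or Metascan Online's code. The token heuristics (the short platform list, the "short lowercase tag means variant" rule, the generic-token list) and the engine names in the sample scan are assumptions made for this illustration, not any vendor's documented grammar.

```python
"""Normalize vendor detection names so labels for one threat can be compared.

Added example (not Metascan Online code). The heuristics below are assumptions
chosen to cover the three Upatre label styles quoted in the post.
"""
import re
from collections import Counter

# Platform tokens recognised by the parser (assumption: a short, extendable list).
PLATFORMS = {"win32", "win64", "w32", "w64", "msil", "android", "linux", "osx",
             "js", "java", "vbs"}

# Tokens that carry no family information and so cannot be used for consensus.
GENERIC_TOKENS = {"generic", "malware", "heur", "suspicious", "agent"}


def _looks_like_variant(token):
    # Variant suffixes in the quoted labels are short lowercase tags: "r3", "eyl".
    return re.fullmatch(r"[a-z0-9]{1,4}", token) is not None


def parse_detection_name(name):
    """Split a vendor label into type / platform / family / variant.

    Covers the three styles quoted in the post:
      TrojanDownloader:Win32/Upatre       -> type:platform/family
      TrojanDownloader.Upatre.r3          -> type.family.variant
      Trojan-Downloader.Win32.Upatre.eyl  -> type.platform.family.variant
    Returns None when no usable family component is present.
    """
    tokens = [t for t in re.split(r"[:/.!@\s]+", name.strip()) if t]
    if len(tokens) < 2:
        return None
    type_token, rest = tokens[0], tokens[1:]

    # The platform is whichever remaining token is a known platform name.
    plat = next((t for t in rest if t.lower() in PLATFORMS), None)
    if plat is not None:
        rest.remove(plat)

    # A trailing short tag after the family is treated as the variant.
    variant = None
    if len(rest) >= 2 and _looks_like_variant(rest[-1]):
        variant = rest.pop()

    family = rest[0] if rest else None
    if family is None or family.lower() in GENERIC_TOKENS:
        return None
    return {
        # "Trojan-Downloader" and "TrojanDownloader" collapse to the same key.
        "type": re.sub(r"[^a-z]", "", type_token.lower()),
        "platform": plat.lower() if plat else None,
        "family": family.lower(),
        "variant": variant,
    }


def consensus_family(labels):
    """Return (family, agreeing_engines, detecting_engines) for one scan.

    labels maps engine name -> detection string; "" means the engine saw nothing.
    Generic verdicts count as detections but cast no family vote.
    """
    families = Counter()
    detecting = 0
    for label in labels.values():
        if not label:
            continue
        detecting += 1
        parsed = parse_detection_name(label)
        if parsed:
            families[parsed["family"]] += 1
    if not families:
        return (None, 0, detecting)
    family, votes = families.most_common(1)[0]
    return (family, votes, detecting)


# Constructed sample scan: the three labels quoted in the post plus two
# hypothetical engines. Engine names are placeholders, not real scan output.
SAMPLE_SCAN = {
    "EngineA": "TrojanDownloader:Win32/Upatre",
    "EngineB": "TrojanDownloader.Upatre.r3",
    "EngineC": "Trojan-Downloader.Win32.Upatre.eyl",
    "EngineD": "Generic.Malware",   # generic verdict, no family to count
    "EngineE": "",                  # clean verdict
}

if __name__ == "__main__":
    for engine, label in SAMPLE_SCAN.items():
        print(f"{engine}: {label!r} -> {parse_detection_name(label)}")
    print("consensus:", consensus_family(SAMPLE_SCAN))
```

Run as a script, the three Upatre labels all normalize to family `upatre` with type `trojandownloader`, the generic verdict is counted as a detection but contributes no family vote, and the consensus call reports 3 of 4 detecting engines agreeing on `upatre`. The agreement ratio is the useful signal when building a table like the one below: a high detection count with a split family vote usually means the label needs a human look before it is used as a threat name.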
Top 10 Searched Threats This Week
In order to learn more about the top searched threats this week, we selected a few threat names from engines that detected a threat and then searched for each threat online across documented collections from anti-malware companies, blog posts, etc. From there, we went through the information to better understand each threat's description and behavior. After reading this information, we were able to determine the threat type and severity. Links to the references we used are provided at the end of this post.
| SHA256 | Threat Name | Type* | Severity* | Detection (out of 43 Engines) | Action Performed |
|---|---|---|---|---|---|
| A84E4FAFFBFC886AE15E49CF4F38B21BC8F2354EF573B78FA0090E596B64981C | Blacole | Trojan | Severe | 24 | Trojan that exploits a vulnerability in the Java Runtime Environment. Intended to steal information on the computer (passwords, email, online accounts) |
| 4BE24A10114ABCBB48060354BC4A989F40E6AF67FD4663B3836CB4F557FF2703 | Madang | Virus | Severe | 16 | Windows virus that infects .exe and .scr files |
| 89E27DB4337FD500095AFA78A60FA9C794D44B99E270E0620606F617D1EB6378 | | PUP | Medium | 31 | Windows PUP (adware) that installs software, displays popups, etc. |
| B7B2229140124DA77DB2A76CBD936CBD0AD9F96B159298B5037FC6C9A90841CF | InstallRex | PUP | Medium | 28 | PUP that contains adware and installs toolbars |
| 3C85BF3A590AB4D7DAB0975C8954E63AA3352CFEEFFF2CAA41A1EF4D438E4544 | InstallCore | PUP | Medium | 17 | Software that installs additional unwanted software (such as advertisements, toolbars, etc.) |
| 9329CE85946F4767BD79876C68E54FDAD031AD7ADD64DADE71F8E9E49EF11424 | Blacole | Trojan | Severe | 21 | Trojan that attempts to infect the PC with other Trojans and viruses |
| E8ADA92EE32A1754FD9EEA920A6D192D5811FAFB6C3F239C484AB9FB80582512 | Ramnit | Virus | Low | 38 | Virus that downloads other malware. Creates a backdoor. |
| E5AC415C65B8ED457F978325818402345DA3031BA04778D222C634FC5FBE652E | Vobfus | Trojan | Severe | 36 | Trojan that infects files downloaded from the internet. This can also be considered worm-like behavior |
| 87B1F4E69E239FB15B5F4EE42C8417C1FAC87A69DAE43E48DF807EB7D432E88D | Expiro | Virus | Severe | 32 | Virus that infects files. It can allow a hacker to access the PC and steal stored user names and passwords |
| 96D28209CB3A8AB704BF37AF4816F260D1042450A607D8BC4F2A3172124468D4 | Password Stealer | | Severe | 34 | Steals passwords |
Key Takeaways:
- Viruses, Trojans, and PUPs (potentially unwanted programs) are the most prevalent in this list. In the case of PUPs, this indicates how prevalent this category, while not specifically malware, is on users' systems today.
- Although only one Password Stealer made the top 10, the impact of a possible infection is still labeled as Severe.
- The majority of threats fall into the Severe category. That the majority of these hashes come from files that still exist on users' systems today demonstrates how widespread these particular threats are.
- Although not shown in this chart, all 10 threats were first uploaded to Metascan Online over a year ago. Even after so much time has passed, these threats are still appearing in current files. This demonstrates that even old threats can be dangerous.
To check out more of the most searched-for threats on Metascan Online, visit the new statistics page.
This is the first post in an ongoing series covering the types of threats that we show in our list of most searched-for threats on Metascan Online. Check back for additional posts, or subscribe to our blog so that you won't miss upcoming research!
References:
1. Microsoft resource on Blacole Trojan
2. McAfee resource on Blacole Trojan
3. Malware Tips resource on Blacole Trojan
4. Microsoft resource on Madang Virus
5. ESET resource on Madang Virus
6. Microsoft resource on DomalQ PUP
7. Malware Tips resource on DomalQ PUP
8. Avira resource on DomalQ PUP
9. Sophos resource on InstallRex PUP
10. Malware Tips resource on InstallRex PUP
11. Sophos resource on InstallCore PUP
12. AVG resource on InstallCore PUP
13. AVG resource on InstallCore PUP
14. Microsoft resource on Blacole Trojan
15. F-Secure resource on Blacole Trojan
16. McAfee resource on Ramnit Virus
17. Microsoft resource on Ramnit Virus
18. Panda Security resource on Ramnit Virus
19. Microsoft resource on Vobfus Trojan
20. Lavasoft resource on Vobfus Trojan
21. Microsoft resource on Vobfus Trojan
22. Sophos resource on Expiro Virus
23. Microsoft resource on Expiro Virus
24. Microsoft resource on OnlineGame
Our second post in this series, Threat Analysis Series: Top Malware Review (Part II), is now available. Find out what the most recent top threats are!
