2013 CHECK POINT ANNUAL SECURITY REPORT
This appendix provides further information related to
the top malware found in our research. Check Point’s full
malware database is available at threatwiki.checkpoint.com.

Zeus is a back door bot agent that targets Microsoft
Windows platforms. A back door is a method of bypassing
authentication procedures. Once a system has been
compromised, one or more back doors may be installed in
order to allow easier access in the future [29]. Our research
detected Zeus bots generated from Zeus toolkit version
2.0.8.9. Zeus is a large family of banking Trojans with
a considerable number of versions and variants. The malware
provides the attacker with remote access to the infected
systems. Its primary purpose is to steal online banking
credentials used by target users when accessing their accounts.

Zwangi is adware that targets Microsoft Windows
platforms. It is registered as a browser helper object
on an infected system. It may create a custom toolbar
within Internet Explorer and present the user with
unwanted advertising messages. This malware infects
systems through software bundles.

Sality is a virus that spreads by infecting and
modifying executable files and by copying itself to removable
drives or shared folders.

Kuluoz is a bot that targets Microsoft Windows platforms.
This bot is sent in spam messages pretending to be from the US
Postal Service. It sends out system information and accepts
instructions from a remote server to download and execute
malicious files on the infected computer. Moreover, it
creates a registry entry in order to self-initiate after system
reboot.

Juasek is a back door bot that targets Microsoft Windows
platforms. This malware allows a remote unauthenticated
attacker to perform malicious actions such as opening a
command shell, downloading or uploading files, creating
new processes, listing/terminating processes, searching/
creating/deleting files, and retrieving system information.
In addition, it installs a service to survive system reboots.

Papras is a banker Trojan that targets both 32-bit and 64-bit
Microsoft Windows platforms. This malware sends out
system information and requests configuration information
from a remote host. It affects network functions and
monitors users’ Internet activities to steal critical financial
information. In addition, it has back door functionality
to provide remote attackers with unauthorized access
to infected computers. The accepted control commands
include downloading other malicious files, collecting
cookie and certificate information, rebooting and shutting
down the system, sending out login information, taking
screenshots, setting up socket connections to remote hosts
for other activities, etc. Moreover, the malware injects itself
into processes and may also inject other malicious files into
target processes.

APPENDIX A: TOP MALWARE