2013 CHECK POINT ANNUAL SECURITY REPORT
This appendix provides further information related to
the top malware found in our research. Check Point’s full
malware database is available at threatwiki.checkpoint.com.
Zeus is a backdoor bot agent that targets the Microsoft Windows
platform. A backdoor is a method of bypassing authentication
procedures. Once a system has been compromised, one or
more backdoors may be installed in order to allow easier
access in the future [29]. Our research detected Zeus bots
generated using version 2.0.8.9 of the Zeus toolkit. Zeus is
a large family of banking Trojans with considerable numbers
of versions and variants in the wild. The malware gives an
attacker remote access to infected systems. Its primary
purpose has been to steal online banking credentials used by
target users when accessing their accounts.
Zwangi is adware that targets the Microsoft Windows
platform. It is registered as a browser helper object on an
infected system. It may create a custom toolbar within
Internet Explorer and present the user with unwanted
advertising messages. This malware infects systems
through software bundles.
Sality is a virus that spreads by infecting and
modifying executable files and copying itself to removable
drives or shared folders.
Kuluoz is a bot that targets the Microsoft Windows platform.
This bot is reportedly sent in spam messages pretending to
be from the US Postal Service. It sends out system information
and accepts instructions from a remote server to download
and execute malicious files on the infected computer.
Moreover, it creates a registry entry so that it starts
after a system reboot.
Juasek is a backdoor bot that targets the Microsoft Windows
platform. This malware allows a remote unauthenticated
attacker to perform malicious actions such as opening a
command shell, downloading or uploading files, creating new
processes, listing/terminating processes, searching/creating/deleting
files, and retrieving system information. In addition, it installs
a service to survive system reboots.
Papras is a banker Trojan that targets both 32-bit and 64-bit
Microsoft Windows platforms. This malware sends out
system information and requests configuration information
from a remote host. It hooks network functions and
monitors a user's Internet activities to steal critical financial
information. In addition, it has backdoor functionality
that provides remote attackers with unauthorized access
to infected computers. The accepted control commands
include downloading other malicious files, collecting
cookies and certificate information, rebooting and shutting
down the system, sending out log information, taking screen
snapshots, setting up a socket connection to a remote host for
other activities, etc. Moreover, the malware injects itself
into processes and may inject other malicious files into
target processes as well.
APPENDIX A:
TOP MALWARE