[:en]<\/p>\n
Two weeks ago\u00a0we\u00a0explored lesser known malware, Trojans and worms, after 1985.<\/a> This time around, we look at more recent threats, starting with zombies…<\/p>\n 2003 Zombie, Phishing<\/strong> 2004 IRC bots<\/strong> 2005 Rootkits<\/strong> 2006 Share price scams<\/strong> 2006 Ransomware<\/strong> 2006 First advanced persistent threat\u00a0(APT) identified\u00a0<\/strong> 2008 Fake antivirus software<\/strong> 2008 First iPhone malware<\/strong> 2009 Conficker hits the headlines<\/strong> 2009 Polymorphic viruses rise again<\/strong> 2009 First Android malware<\/strong> 2010 Stuxnet<\/strong> 2012 First drive-by Android malware<\/strong> 2013 Ransomware is back<\/strong> Take note that information below is an extract from the Sophos Threatsaurus,<\/a> compiled by\u00a0Sophos, a security software and hardware company.<\/em><\/p>\n [:af]<\/p>\n
The Sobig worm gave control of the PC to hackers, so that it became a \u201czombie,\u201d which could be used to send spam.\u00a0The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.<\/p>\n
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user\u2019s knowledge and give control of the computer to hackers.<\/p>\n
Sony\u2019s DRM copy protection system, included on music CDs, installed a \u201crootkit\u201d on users\u2019 PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and installed a hidden \u201cback door.\u201d<\/p>\n
Spam mail hyping shares in small companies (\u201cpump-and-dump\u201d spam) became common.<\/p>\n
The Zippo and Archiveus Trojan horse programs, which encrypted users\u2019 files and demanded payment in exchange for the password, were early examples of ransomware.<\/p>\n
First coined by the U.S. Air Force in 2006 and functionally defined by Alexandria, Virginia security firm Mandiant in 2008 as a group of sophisticated, determined and coordinated attackers. APTs are equipped with both the capability and the intent to persistently and effectively target a specific entity. Recognized attack vectors include infected media, supply chain compromise and social engineering.<\/p>\n
Scaremongering tactics encourage people to hand over credit card details for fake antivirus products like AntiVirus 2008.<\/p>\n
The US Computer Emergency Response Team (US-CERT) issues a warning that a fraudulent iPhone upgrade, \u201ciPhone firmware 1.1.3 prep,\u201d is making its way around the Internet and users should not be fooled into installing it. When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.<\/p>\n
Conficker, a worm that initially infects via unpatched machines, creates a media storm across the world.<\/p>\n
Complex viruses return with a vengeance, including Scribble, a virus which mutates\u00a0its appearance on each infection and used\u00a0multiple vectors of attack.<\/p>\n
Android FakePlayerAndroid\/FakePlayer.A is a Trojan that sends SMS messages to premium rate phone numbers. The Trojan penetrates Android-based smartphones disguised as an ordinary application. Users are prompted to install a small file of around 13 KB that has the standard Android extension .APK. But once the \u201capp\u201d is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge). The criminals are the ones operating these numbers, so they end up collecting charges to the victims\u2019 accounts.<\/p>\n
Discovered in June 2010 the Stuxnet worm initially spreads indiscriminately, but is later found to contain a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems configured to control and monitor specific industrial processes. Stuxnet\u2019s most prominent target is widely believed to be uranium enrichment infrastructure in Iran.<\/p>\n
The first Android drive-by malware is discovered, a Trojan called NotCompatible that poses as a system update but acts as a proxy redirect. The site checks the victim\u2019s browser\u2019s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. A device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.<\/p>\n
Ransomware emerges as one of the top malware threats. With some variants using advanced encryption that makes recovering locked files nearly impossible, ransomware replaces fake antivirus as malicious actors\u2019 money-soliciting threat of choice.<\/p>\n