Once again, PandaLabs, Panda Security’s anti-malware laboratory is closing the year with a light-hearted look at the viruses that have appeared over the last twelve months. This year it was no easy task: we have received more than 20 million new strains of malware in 2010.
As we always say, this is not a list of the most prolific threats or those that have caused most infections. These are simply some of the viruses that, for one reason or another, have caught our eye.
So here are the viruses that have made the ‘Virus Yearbook 2010’:
- The mischievous Mac lover: This title has been earned by a remote-control program with the worrying name of HellRaiser.A. It only affects Mac systems and needs user consent to install on a computer. Yet once installed, it can take remote control of the system and perform a whole host of functions… it can even open the DVD tray!
- The Good Samaritan: Surely some of you will have guessed… Bredolab.Y comes disguised as a message from Microsoft Support claiming that a new security patch for Outlook has to be installed immediately… But watch out! If you download the antivirus you will have installed the SecurityTool rogueware, which will start telling you that your system is infected and that you should buy a certain solution to fix it. Of course, if you pay for the program, you will never receive it, it will not resolve the problem and that’s the last you will see of your money…
- Linguist of the year. Times are hard, there’s no doubt… And hackers are increasingly having to adapt to new trends and do what they can to find new victims, that’s for sure. The lengths they’ll go to trick people know no bounds! Even learning new languages. As such, our award for the linguist of the year goes to MSNWorm.IE. This virus, which in itself is nothing special, is distributed via Messenger with a link tempting the user into viewing a photo… in 18 languages! At least the emoticon at the end “:D” is universal…So if anyone wants to know how to say “Look at this picture” in another language, here’s the list that will save you having to find a translator ;-).
Spanish: mira esta fotografia 😀
English: seen this?? 😀 look at this picture 😀
Portuguese: olhar para esta foto 😀
French: regardez cette photo 😀
German: schau mal das foto an 😀
Italian: guardare quest’immagine 😀
Dutch: bekijk deze foto 😀
Swedish: titta pσ min bild 😀
Danish: ser pσ dette billede 😀
Norwegian: se pσ dette bildet 😀
Finnish: katso tΣtΣ kuvaa 😀
Slovene: poglej to fotografijo 😀
Slovak: pozrite sa na tto fotografiu 😀
Czech: podφvejte se na mou fotku 😀
Polish: spojrzec na to zdjecie 😀
Romanian: uita-te la aceasta fotografie 😀
Hungarian: nΘzd meg a kΘpet 😀
Turkish: bu resmi bakmak 😀
- The most audacious: This year, the award goes to Stuxnet.A. If we had to choose a soundtrack for this virus, it would have to be something like that of the “Mission Impossible” or “The Saint”. This malicious code has been designed to target SCADA systems, i.e. critical infrastructures. The worm exploits a Microsoft USB security hole with a view to getting right to the core of nuclear plants… Just like the plot of a Hollywood film.
- The most annoying: Remember how viruses used to be? Or those ‘jokes’ that once installed would ask: “Are you sure you want to close the program? Yes – No?”. No matter what you clicked, the same screen would appear: “Are you sure you want to close the program?”, time and time again, enough to try the patience of a saint… Well that’s what this worm does: Oscarbot.YQ. Once it is installed, start praying, or doing yoga, or meditating… whatever you can think of, because it will drive you mad. Every time you close it, another screen opens asking another question, or opening a browser window, or… The most annoying, without a doubt.
- The most secure worm. Clippo.A, a name that might remind some users of “Clippy”, the nickname of the Microsoft office assistant in the form of a paperclip, is the most secure of worms: once installed on a computer it password-protects all office documents. This way, when a user tries to open them, it will be impossible if they don’t have the password. But why does it do this? This is the strange bit… for no reason! No ransom is demanded, users are not asked to buy anything… it is just there to annoy you. Yet this is no fun for anyone who’s infected, as there is no other visible symptom.
- A victim of the crisis: Ramsom.AB. The economic crisis is affecting many people around the globe, and this is mirrored in the world of cyber-crime. Some years ago, any ransomware (programs that block computers and demand a ransom to release them) worth its salt would demand a hefty fee: upwards of $300. Now with the crisis, the recession and competition among cyber-criminals… everyone’s feeling the pinch. So now for just $12 you will be able, supposedly, to reclaim your computer. Times are hard… you could almost feel sorry for them.
- The most economical with the truth. This year, this distinction goes to SecurityEssentials2010 (the fake one that is, not the official MS antivirus). This comes under the category of adware, but acts like any other fake antivirus. It tells victims that their computers are rife with infection and in danger, and it won’t stop until they ‘buy’ the solution. In this way it is the same as any other rogueware. Yet the design is so convincing, with authentic looking messages, screens, etc., that it has made the top 10 infections of the year. So watch out, and don’t believe a word!
To close the yearbook for 2010, we would like to make special mention of the insect of the year: the Mariposa (Butterfly) botnet, which was dismantled in March and led to the arrest of, the creators thanks to the collaboration between Panda Security, the Spanish Civil Guard, FBI and Defense Intelligence… Like a true insect, it fed on the nectar of other people’s computers, flitting from one to another… and compromised a total of 13 million computers around the world. This is one bug you never want to see in your garden, and certainly not on your computer.
More information is available from the PandaLabs Blog.