Panda Security: Data from the Infected or Not website reveals that 14% of computers are infected by active malware
November 2007 by Panda Security
Some 14% of computers scanned last week at the Infected or Not website with the NanoScan and TotalScan online scanners were infected with active malware, that is, threats that were performing some kind of malicious action at the time of the scan.
25% of computers scanned had latent malwate, that is, malicious code installed on the system.
Of all the computes scanned, 72% had some kind of antivirus protection installed. However, this doesn’t guarantee total protection, as almost 30% of protected computers were infected by malware.
“Traditional, signature-based protection is no longer enough. It is necessary to complement it with proactive technologies that can detect threats by analyzing their behavior, and periodic audits with tools that can detect much more malware”, confirms Luis Corrons, Technical Director of PandaLabs. He adds: “NanoScan and TotalScan are examples of these tools, which work according to a collective intelligence approach. This system does not just check a single signature file, but uses an extensive knowledge base on Panda’s servers that allows these tools to detect much more malware”.
According to TotalScan, the most harmful malicious codes last week were the Zango and Navipromo adware and the Virtumonde spyware.
As for recent codes, PandaLabs highlights the Astry.A and EbodaR.A Trojans.
Astry.A prevents users from changing the Windows Explorer folder settings through Folder Options. It also displays several messages, one of them at the beginning of the session and another one at certain times set by the Trojan.
Finally, Astry.A modifies the information displayed on the View tab in the Windows Explorer Folder Options.
EbodaR.A is a Trojan that installs on computers by exploiting a vulnerability present in some versions of Acrobat Reader. Also, the Internet Explorer 7 browser must be installed on the system.
To exploit the flaw, attackers send malicious PDF files in email messages. If the user runs the file, a Windows XP command is executed that disables the system’s firewall. The Trojan is then downloaded and run from a certain Internet address.
Once installed, EbodaR.A can download other malicious codes onto the infected computer.