Security Response

90 Day Global Threats, Risks, and Vulnerabilities Timeline

Most Active New Threats

Name

Type

Protected*

Discovered

Trojan.Komodola	Trojan	05/18/2012	05/18/2012
W32.Stekct	Worm	05/17/2012	05/17/2012
Packed.Generic.368	Trojan Worm		05/17/2012
Packed.Generic.367	Trojan Worm	05/16/2012	05/16/2012
VirusDoctor!gen12	Misleading Application	05/16/2012	05/16/2012
Packed.Dromedan!gen3	Trojan Virus	05/15/2012	05/15/2012
Trojan.Smoaler!gen3	Trojan	05/15/2012	05/14/2012
Packed.Generic.366	Trojan Worm	05/11/2012	05/11/2012
Trojan.Tatanarg.B	Trojan	05/10/2012	05/10/2012
Trojan.Ransomlock.N	Trojan	05/09/2012	05/09/2012

*For continued protection, make sure that your Symantec subscription and/or license are up to date.

Threat Spotlight: Trojan.
Zeroaccess

Trojan.Zeroaccess is a Trojan horse that uses an advanced rootkit to hide itself. It is often installed through drive-by-download attacks from sites hosting the Blackhole exploit kit. The Trojan can also create an encrypted, hidden file system, download more malware, and open a back door on the compromised computer.

The Trojan is called ZeroAccess due to a string found in the kernel driver code that is pointing to the original project folder called ZeroAccess. It is also known as max++ as it creates a new kernel device object called __max++>.

More information on Trojan.Zeroaccess is available in the threat family writeup.

Best Practices

With the rapid rise in the number of malware attacks it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.

Use these recommendations to know what you must, should and can do to protect your endpoints from malware.

Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection. Information available here.

White Paper Spotlight

Pre-dating many of the mobile platforms it currently targets and outlasting several of the mobile platforms where it originated from, Opfake has a tendency for survival on the mobile threat landscape that others do not have. Combining business savvy through a strong black market affiliate network and quick reaction time to adapt itself to thwart efforts by security vendors, Opfake has not only managed to stay in business for several years, the Opfake family has come to define the evolution of mobile malware.

Android.Opfake generally disguises itself as legitimate applications or content such as an installer for a well known Web browser or pornographic movies. Analysis of the code behind the malicious program reveals a truer sense of its nature. Numerous suspicious functions exist in its functionality that would have no reasonable place in any legitimate application. These suspicious activities and more are discussed in greater detail in our whitepaper: Android.Opfake In-Depth.

View the full set of Symantec Security Response white papers.