Panda Software’s Virus Yearbook of 2005

By Aviran Mordo @ 4:49 pm

Generally speaking, only malicious code that causes serious epidemics manages to attract media and public attention. Nevertheless, every day, many new examples appear with their own very specific traits. Panda Software presents a list of some of the more curious malicious code to have appeared during 2005.

  • Quick off the blocks. Downloader.AEE has the dubious honor of being the first threat detected in 2005 — we were still ringing in the New Year when it first emerged. Seems like the creators of this malicious code didn’t have a party to go to!
  • Casanova. Mydoom.AK, one of the many members of this infamous family of worms, uses a range of subjects and file names connected with Valentine’s Day… along with other more lurid bait.
  • The most ingenious. Assiral.A spreads in an email message very similar to the one used by LoveLetter. Just like in fashion, it looks like the classics will always make a comeback.
  • A frustrated reporter. It is difficult to know whether the creators of Crowt.A, a worm that spread in mail messages containing CNN headlines, wanted to cause as much damage as possible or simply keep us all up-to-speed on what was going on in the world. Fortunately, they didn’t achieve either.
  • The most annoying. Elitper.D wins hands down as it can prevent up to 90 applications from running, including Microsoft Word, Microsoft Excel, WinZip and WinRAR.
  • Soccer mad. Sober.V took advantage of soccer fans looking forward to next year’s World Cup in Germany. It tricks users by offering free tickets to the finals.

  • The most incompetent. Banker.APM is a Trojan that tries to steal confidential bank details. However, due to numerous programming errors, it turns out to be something of a failure as a thief. Just as well really!
  • Liar, liar… Downloader.EJD spreads in messages that claim to be from Microsoft. These emails warn users of the danger of the wave of Zotob and IRCBot worms that saturated the Internet in August, and try to trick the unwary into running the supposed patch to prevent infection.
  • How low can you get? Pretty low it seems when you try to benefit from others’ misfortune. Zar.A.worm uses the subject of donations to the victims of the Asian tsunami to trick users. Downloader.ENC pulls a similar stunt using Hurricane Katrina. In this case, a web page supposedly offering support to victims of Katrina actually downloads a Trojan onto visitors’ computers.
  • Organized crime. Even thieves need to be organized. With all the data that Rona.A can steal from computers, it is no wonder that it’s so organized: version and date of its own installation; Internet connection details; actions it has taken and the time and date of each of them, etc.
  • Thieves on the prowl. The biggest thieves this year have been the Banker Trojans, designed to carry out online fraud. Nevertheless, the creators of this malicious code could well do with investing some of their returns in language classes, as the messages that some of the Trojans use to trick users leave a lot to be desired.
  • Spoilsport. This ‘accolade’ goes to the Format.A Trojan, designed for PSP (PlayStation Portable), and Tahen.A and Tahen.B, aimed at Nintendo DS. These creations don’t just annoy users of these video consoles — they can even render the hardware completely unusable.
  • The most observant. The Bancos.NL Trojan stands out in this section. It spies on users, waiting until they enter financial or banking websites. This, in itself, is nothing new, as many other examples of malicious code take similar actions, but they can normally only monitor a few hundred web addresses. Bancos.NL, however, monitors some 3000 addresses.
  • Modern times. ComWar.A.worm is the first worm for cell phones that can send itself in MMS messages, the same way as classic email worms.

