Top five malware of 2012

Even as operating systems and software developers try to make their products more secure, the threat from trojans, worms and other forms of malware is more real than ever. The social networking space seems to be under attack, but the ones that really annoy and disrupt our work are the traditional computer viruses. Files are infected, PCs slow down, and your PC may be used to bombard another site or infect other PCs. With the recent Flashback virus, which infected Macs across the world, it’s clear that no OS is safe. What’s worse is that most of us aren’t even aware of the threats, and there are many of them. The past few months have seen quite a few new malware families released. Here’s a list of the most powerful malware of 2012.




Flame

Russian security firm Kaspersky Lab recently uncovered a massive cyber attack codenamed ‘Flame.’ The malicious program is detected as Worm.Win32.Flame and is believed to have been operational since 2010. On infecting a system, Flame begins a set of complex operations, which include sniffing network traffic, taking screenshots, recording audio conversations, intercepting the keyboard and even monitoring the display. The information is then sent to a network of command-and-control servers located in many different parts of the world. The first instance of the malware's activity was detected in Iran; the other countries affected are Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. The malware has been collecting private data from these countries. Describing it as "one of the most complex threats ever discovered," Kaspersky carried out the research into the attack in conjunction with the UN's International Telecommunication Union. Also being investigated is another malware threat, called Wiper, that has been deleting data in western Asia. Although Flame has done no evident damage, it has been actively collecting very critical data.


Flame is said to be the most advanced and complete attack toolkit ever discovered. It has hit more than 600 targets, ranging from individuals to businesses and government systems. The new malware code is said to be 20 times larger than Stuxnet, and the Flame package of modules is reportedly huge at 20 MB when completely deployed. Flame is called huge because it includes libraries such as zlib, libbz2 and ppmd for compression and sqlite3 for database manipulation, along with a Lua (a scripting language) virtual machine. Many parts of Flame have high-order logic written in the scripting language, with effective attack subroutines and libraries compiled from C++.


Image source: Getty Images




Flame has been termed a backdoor and a trojan, and it has worm-like features. It is capable of replicating over a local network and on removable media as well. Flame first sniffs network traffic, takes screenshots, records audio conversations via the microphone, compresses them and sends them back to the attacker, and intercepts the keyboard. After the initial Flame malware infects a system, more modules are added to perform specific tasks, just like adding apps to a smartphone. With Flame, there is a chance that it could be the most powerful virus ever.




trojan.Win32.Generic

One of the most rigid viruses ever, trojan.Win32.Generic basically works like a destructive program. It uses software vulnerabilities to give a remote hacker access to the affected computer. It works via a backdoor and carries out multiple tasks once installed. This has been one of the most widely spread trojans in recent times, accounting for 35.1 percent of the top ten threat detections for January this year. Basically, the trojan has the capability to make the computer completely useless by modifying system configuration data and other Windows registry entries.


trojan.Win32.Generic is more threatening than INF.Autorun, which has infected a lot of devices in recent years. This trojan was listed in the top ten malware of February 2012, and the percentage of infections rose to 30.93 percent in the malware figures for March 2012, according to GFI. The best prevention steps include enabling firewall settings and keeping your computer well updated.

Artemis trojan

This is one of those tricky viruses that could turn out to be a false positive. The Artemis trojan is a computer virus that has the capability to completely disrupt infected computers by displaying advertisements or even fake security websites. It was first reported way back in August 2008 and has now been gaining momentum.

A lot of McAfee antivirus users have been receiving alerts that their computer has been infected with the Artemis trojan, which in certain circumstances has been a false positive, as Artemis is a detection technology developed by McAfee: the antivirus provider’s heuristic tool for malware detection. The fact that it could be a false positive or in fact a trojan has been the major cause of concern for users worldwide.



Flashback trojan

In the recent past, Apple users have enjoyed optimum security, as worms, viruses and hackers were at a low level. With the Flashback trojan, however, the entire scenario has changed. Of late, infections have been on the rise, and experts have labelled this trojan attack as the worst security disaster to have hit Macs. The number of infected Macs was close to 550,000 in April itself, and chances are that it has increased by now. For the past two months, the Flashback trojan has been spreading around the world, with no particular geographical pattern of infection, and its clear targets have been Macs and MacBooks running the OS X platform.






Basically, the exploit lies in Java: once a user visits an infected link, JavaScript code fires up that allows an executable file to be downloaded to the infected machine. The trojan isn’t known to infect files or data, but it’s said that those controlling the trojan can do whatever they wish to, which is a clear threat. Apple released a security update on 3 April 2012; however, this incident exposed a pretty large loophole that allowed the trojan to propagate. There’s also a chance that other loopholes exist in the operating system that haven’t been discovered yet. Many would say that it’s the popularity of Mac OS X and Apple’s products lately that is the reason hackers and virus writers are now focussing on the OS. Those looking for a fix for the exploit can download it from Apple’s site, here.




Scrinject.b

Another popular malware that has started dominating is Scrinject.b. This malware recorded a global infection rate of 6.75 percent, with a 6.95 percent infection rate in Europe, taking the top spot from INF.Autorun, which has now dropped to number three. ESET Live Grid, a cloud-based malware collection system utilising data from users worldwide, has placed the global threat due to Scrinject.b at the top spot in its statistics list for April.


Scrinject.b is a generic detection of HTML web pages containing an obfuscated script or iframe tag that automatically redirects the user to a malware download, while HTML/Iframe.B denotes a generic detection of malicious IFRAME tags embedded in HTML pages that redirect the browser to a specific URL containing malicious software.
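As an added defensive example, not code from the article or from ESET: a small Python scanner implementing the kind of generic check the Scrinject.b and HTML/Iframe.B descriptions above imply, flagging tiny or hidden iframes and inline scripts that combine obfuscation with a redirect primitive. The regexes and size thresholds are assumptions, and the sample pages are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Heuristics for the pattern ESET describes: a hidden iframe, or an obfuscated inline
# script, that redirects the visitor (hypothetical thresholds; tune on your own data).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OBFUSCATION = re.compile(r"unescape\s*\(|String\.fromCharCode|eval\s*\(|(?:%[0-9a-f]{2}){8,}", re.I)
REDIRECT = re.compile(r"document\.write|location\.(?:href|replace)|\.src\s*=", re.I)


class SuspiciousHtmlScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script, self._script_buf = [], False, []  # findings: (kind, detail)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes become ""
        if tag == "iframe":
            tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script, self._script_buf = True, []

    def handle_data(self, data):  # script bodies arrive here as raw CDATA
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body, self._in_script = "".join(self._script_buf), False
            # Flag only when obfuscation AND a redirect primitive appear together,
            # which keeps ordinary minified scripts out of the findings.
            if OBFUSCATION.search(body) and REDIRECT.search(body):
                self.findings.append(("obfuscated-script", body[:40]))


def scan_html(page):
    """Return the list of (kind, detail) findings for one HTML document."""
    scanner = SuspiciousHtmlScanner()
    scanner.feed(page)
    scanner.close()
    return scanner.findings

# Constructed samples (not real malware); example.invalid is a reserved name.
SAMPLES = {
    "hidden_iframe": '<html><body><p>News</p><iframe src="http://example.invalid/go" width="1" height="1"></iframe></body></html>',
    "obfuscated_script": '<html><script>document.write(unescape("%72%65%64%69%72%65%63%74"));</script></html>',
    "clean": '<html><body><iframe src="https://example.invalid/video" width="640" height="360"></iframe><script>var n = 1;</script></body></html>',
}
```

Running `scan_html` over each entry of `SAMPLES` yields one finding for the first two pages and none for the clean one; a real deployment would feed it crawled or proxied pages and review the findings rather than block on them.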


With technological advancement in every sphere, the complexity of these unwanted elements has been on the rise as well, and in such uncertain times it's best to keep your PC up to date with the latest antivirus software, regular updates and secure browsing. Having a firewall enabled and being vigilant about your usage goes a long way in ensuring your safety from these malware.

