Eset experts submitted a report on the most active threats in 2012. Statistics were collected with the help of cloud technology ESET Live Grid.
1. First place in the ranking placed startup files in which malware is activated in the system. Typically, such a method of distribution using the threat copies itself to removable USB-drives.
2. In second and third places – a web page containing infected scripts or tags IFRAME, which will automatically redirect the user to install malicious code.
3. Fourth place belongs to the network worm Win32/Conficker, which was originally used for a vulnerability in the latest versions of Windows (Windows 2000 exposed – Windows 7).
4. On the fifth – the virus Sality. It provides a startup through the registry, and disables services related to antivirus products and security products. Able to modify the EXE and SCR.
5. The sixth line charts belongs worm Dorkbot, which spreads itself via removable media, also contains a functional characteristic of backdoors, and can receive commands from the outside (via IRC). He collects private user information such as user names and passwords for different services when you visit certain Web sites.
6. In seventh place – malicious Java-script redirects the browser to a special address URL, which contains infected code.
7. Eighth position belongs to the backdoor, which allows access to the infected computer to them.
8. On the ninth line – a virus with an auto restart function Ramnit. Infects DLL and EXE, and searches for files HTM and HTML to contain malicious code there. It uses a vulnerability in the system (CVE-2010-2568), which allows it to execute arbitrary code.
9. And, finally, closes rating Spy.Ursnif – spyware application that steals information from the infected computer and sends it to a remote server, creating a hidden account in order to allow communication through the Remote Desktop connection. Actively distributed via Blackhole Exploit Kit at the beginning of the year.