The top 10 malware threats of 2004, as taken from McAfee and defined by Symantec, are as follows: Adware-180, Adware-Gator, Exploit-ByteVerify, Exploit-MhtRedir, JS/Noclose, W32/Bagle, W32/Mydoom, W32/Netsky, W32/Sasser, W32/Sdbot (family including sdbot, gaobot, polybot, spybot). The majority of these threats enter our systems under a different alias or by hitching a ride on programs we download online.
Adware-180 is a spybot that monitors what the users of infected machines do while online. The program opens affiliated sites when it sees a certain keyword in an online search. When Adware-180 is downloaded it creates a name for itself in the Microsoft registry, and through this registry entry it can then repair itself if only parts of the adware are removed.
Adware-Gator is one that I am ooooh too familiar with. This adware drives me crazy! I will be searching online and all of a sudden, down by my time and date, a little box will pop up giving me alternative vacation prices or prescription prices. Gator (or gain, as it says in my registry) gets downloaded onto the computer either manually or by sneaking itself in with another download. With this adware on the hard drive, websites are allowed to upload their content to your computer without your knowledge, enabling them to display advertisements at the strangest times.
Exploit-MhtRedir is a file that is considered “a malicious website to download and execute programs on your computer”. Its file type is a Trojan horse, which disguises itself in order to promote unwanted HTML on your computer. This Trojan only affects Microsoft Internet Explorer.
W32/Mydoom comes in an assortment of different subcategories ranging from category 1 to 2. The majority of the Mydoom worms are category 2. It is a mass-mailing worm that uses its own SMTP engine to send emails to people listed on the infected computer. It also allows unauthorized remote access. Once it finds people's addresses, it sends itself in attachments that say things like "read the following attachment", "please confirm", "please read immediately", etc.
W32/Sasser is one I think we all remember hearing about. This one gets onto your computer and scans IP addresses to find vulnerable computers. Its wild threat is medium, the damage it causes is low, but the distribution level of this worm is very high. The main threat of this worm is the fact that, even though it is unable to infect Windows 95/98/ME, it does take up a lot of space, making it difficult for such programs as the Symantec removal tool to run. This worm is more of a nuisance than a threat.