Top 10 malware of 2004

The top 10 malware threats of 2004, as taken from McAfee and defined by Symantec, are as follows: Adware-180, Adware-Gator, Exploit-ByteVerify, Exploit-MhtRedir, JS/Noclose, W32/Bagle, W32/Mydoom, W32/Netsky, W32/Sasser, and W32/Sdbot (a family including sdbot, gaobot, polybot, and spybot). The majority of these threats enter our systems under a different alias or by hitching a ride on programs we download online.

Adware-180 is a spybot that monitors what the users it infects do while online. This program will open affiliated sites when it sees a certain keyword during an online search. When Adware-180 is downloaded it creates a name for itself in the Microsoft registry; this registry entry can then fix itself if only parts of the adware are removed.

Adware-Gator is one that I am ooooh too familiar with. This adware drives me crazy! I will be searching online and all of a sudden, down by my time and date, a little box will pop up giving me alternative vacation prices or prescription prices. Gator (or gain as it says in my registry) gets downloaded onto the computer either manually or by sneaking itself in with another download. With this adware on the hard drive, websites can upload their content to your computer without your knowledge, enabling them to display advertisements at the strangest times.

Exploit-MhtRedir is a file that is considered “a malicious website to download and execute programs on your computer”. Its file type is a Trojan horse, which disguises itself in order to promote unwanted HTML on your computer. This Trojan only affects Microsoft Internet Explorer.

W32/Mydoom comes in an assortment of different subcategories ranging from category 1 to 2. The majority of the Mydoom worms are category 2. It is a mass-mailing worm that uses its own SMTP to send emails to people listed on the infected computer, and it allows unauthorized remote access. Once it finds people's addresses, it sends itself in attachments with messages such as "read the following attachment", "please confirm", "please read immediately", etc.

W32/Sasser is one I think we all remember hearing about. This one gets onto your computer and scans IP addresses to find vulnerable computers. Its wild threat is medium and the damage it causes is low, but the distribution level of this worm is very high. The main threat of this worm is that, even though it is unable to infect Windows 95/98/ME, it does take up a lot of space, making it difficult for programs such as the Symantec removal tool to run. This worm is more of a nuisance than a threat.

I was unable to find information using the Symantec definitions, but through research using Google I managed to find some information on the following: Exploit-ByteVerify, JS/Noclose, W32/Bagle, and W32/Sdbot. Exploit-ByteVerify is a tool that uses a Java applet to exploit certain security holes in Internet Explorer and the Outlook programs. JS/Noclose is a JavaScript Trojan; when you access an infected website, the Trojan will minimize Internet Explorer and try to access other websites. W32/Bagle is a file that locates port 80 and tries to establish a connection and download unwanted files from a variety of different sites. W32/Sdbot is a worm that gets into the system and turns off programs such as anti-virus programs; it allows others to access your computer, drops more malware, reduces system security, reduces keystrokes, and installs itself in the registry.