This is the first in what will possibly become a regular series of posts giving information on newly found viruses, trojans, and malware in general. The current sources of information are McAfee’s Virus Information site, Trend Micro’s Threat Encyclopedia, and Avast’s Summary of Virus Reports. Feel free to post comments giving additional sources, what you think of this new feature, and whether we should continue to do it.
According to all sources, the newly found threats have a low risk level. However, even though much of the malware is not a danger on its own, it is designed to enable others to collect private information from an infected computer or to download other malware, which may cause further damage. Of course, not all of the malware discovered can be listed here, as there is too much to list.
The W32/Sality virus for Windows was found and added to McAfee’s Virus Information site on October 20, and, according to Avast’s virus reports, has already been detected on over 3% of the machines scanned. This virus is likely to modify Windows’ security settings, prevent access to the task manager, and prevent access to the registry editor. It also appears to rewrite processes in memory and connect to an external domain.
Trend Micro’s encyclopedia lists TROJ_SHADOW.AF, found on the 19th. While the risk rating and distribution potential are both low, the potential damage is high, as it appears to attack antivirus programs to patch the data with malware code. It also uses specific APIs to collect system information and may be related to the STUXNET malware. The Trojan TROJ_DUQU.DEC, also listed in Trend Micro’s encyclopedia, is similar in its damage potential and relation to STUXNET, but was found on the 21st.