Win32/Conficker is a network worm that exploits a vulnerability in the Windows RPC subsystem (the Server service flaw addressed by Microsoft Security Bulletin MS08-067), allowing an attacker to compromise a computer over the network without valid user credentials. It also spreads through weakly secured network shares and removable media, abusing the Autorun feature that Windows enables by default. Once installed, it contacts a list of generated domain names to download additional malicious code.
To protect against this threat, end users must install the patch, which has been available since October 2008 (MS08-067), not 2009 as is sometimes reported. Disabling Autorun and using strong passwords on shared folders close the worm's other two propagation routes.
INF/Autorun is the generic detection for threats that infect a PC by planting an autorun.inf file. That file tells Windows which program to run automatically when a removable device is connected, so a malicious copy can launch a payload the moment the drive is plugged in. End users must disable the Autorun feature, which is enabled by default in Windows. Because removable devices are so widely used, it is easy to see why the INF/Autorun threat sits at rank 2.
Win32/PSW.OnLineGames belongs to a family of password-stealing Trojans that targets players of online games, stealing their login credentials and other personal or financial information and sending it to the attacker. Game players must remain alert, as this threat has been found in large volumes.
Win32/Agent is a generic name for a large group of Trojans that copy themselves to temporary locations and steal information from the infected PC. The malicious code adds registry entries and creates files in several places under the system folder so that it runs at every startup; the information it gathers about the infected PC is then transferred to the attacker. As protective measures, use a reputable anti-malware product, disable the Autorun feature in Windows, and do not open unknown files.
Win32/FlyStudio modifies the settings of the victim's web browser, altering search queries and redirecting the user to advertisements. It appears to target users in China, although it has also been reported in other regions such as North America, and it seems to be installed by other malware families rather than spreading on its own.
INF/Conficker is the detection for the autorun.inf file that later Conficker variants drop on removable media and network shares, using the Autorun feature enabled by default in Windows to spread. As noted above, end users must disable the Autorun feature.
Win32/Pacex.Gen designates a wide range of malware that uses a particular obfuscation layer, mostly to steal passwords and other information from the infected PC. The ".Gen" suffix means generic: the detection covers many variants with similar characteristics. The samples need not share the same base code; what they share is the obfuscation technique used to hide the payload from scanners on the host computer.
WMA/TrojanDownloader.GetCodec, as the suffix .GetCodec suggests, converts audio files on the system to .wma format and adds a URL header pointing to the location of a supposedly required codec. When such a file is played, the user is prompted to download the "codec", and several other malicious components are downloaded along with it.
The end user installs what looks like a codec, expecting the file to play, while WMA/TrojanDownloader.GetCodec runs in the background and harms the host computer. There is no reliable way for a user to tell whether a prompted codec is a genuine enhancement or a Trojan horse, so codecs should be downloaded only from a trusted vendor's website, and unnecessary codec downloads should be avoided altogether.
Win32/Qhost copies itself to the System32 folder under the Windows directory and gives the attacker control of the computer. The attacker then tampers with the machine's name resolution, modifying the DNS settings so that requests for chosen domains are sent elsewhere. The purpose is twofold: to prevent the infected machine from downloading updates, and to redirect those attempts to a website that downloads further malicious files onto the victim's computer.
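The redirection described above is usually planted in the hosts file (which Windows consults before asking any DNS server), so a quick triage on a suspect machine is to look for update and security-vendor names that resolve somewhere they should not. The check below is an added example for this page, not code from the original article or from any vendor; the watch list, the sample hosts file and the 192.0.2.45 "attacker" address are constructed for illustration.

```python
"""Flag hosts-file entries that hijack update or security-vendor domains, the
kind of name-resolution tampering described for Win32/Qhost. Added example
for this page, not vendor code; the watch list and sample file are
constructed for illustration."""
import ipaddress
import os
from typing import List, Tuple

# Domains an update-blocking Trojan wants to sinkhole. Constructed watch list;
# extend it with your own vendor, WSUS and patch-management names.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "update.microsoft.com",
    "eset.com", "symantec.com", "mcafee.com", "kaspersky.com",
)
# Addresses that silently blackhole a name rather than redirecting it.
BLACKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

Finding = Tuple[int, str, str, str]  # (line number, hostname, address, kind)


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (address, hostname, line_no) for every mapping in a hosts file.
    Comments after '#' are dropped and one line may map several names."""
    mappings: List[Tuple[str, str, int]] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first token is not an address; skip the line
        for name in parts[1:]:
            mappings.append((addr, name.lower().rstrip("."), line_no))
    return mappings


def is_protected(name: str) -> bool:
    """True for a watched domain or any subdomain of it."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def find_hijacks(text: str) -> List[Finding]:
    """A protected name mapped to a loopback/unspecified address is blackholed
    (updates silently fail); mapped anywhere else it is redirected to a host
    the attacker controls, which the page describes as serving more malware."""
    findings: List[Finding] = []
    for addr, name, line_no in parse_hosts(text):
        if is_protected(name):
            kind = "blackholed" if addr in BLACKHOLE_ADDRS else "redirected"
            findings.append((line_no, name, addr, kind))
    return findings


SAMPLE_HOSTS = """\
# constructed sample, not a capture from an infected machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       windowsupdate.microsoft.com update.microsoft.com
0.0.0.0         www.eset.com
192.0.2.45      download.windowsupdate.com   # TEST-NET-1 address standing in for an attacker host
"""


def main() -> None:
    # On Windows, check the live file; elsewhere fall back to the sample.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, name, addr, kind in find_hijacks(text):
        print(f"line {line_no}: {name} -> {addr} ({kind})")


if __name__ == "__main__":
    main()
```

A clean hosts file produces no findings. On the constructed sample the script reports three blackholed names and one redirected to the TEST-NET address; the redirected case is the one worth chasing, since that address is where the page says further malware is served from. Because the hosts file is only one place the attacker can interfere, the same triage should be paired with a look at the DNS servers configured on each adapter (ipconfig /all on the machine itself).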
As discussed above, threats carrying the name "Autorun" use the autorun.inf file to infect the victim's computer. The only effective defence is to disable the Autorun feature that Windows enables by default: set the registry value NoDriveTypeAutoRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer to 0xFF, which disables Autorun for every drive type, and on older systems first apply the update described in Microsoft KB967715 so that the setting is actually honoured.
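Disabling Autorun stops the payload from launching, but an incident responder still wants to read the autorun.inf found on a suspect drive and decide quickly whether it is an installer CD or a dropper. The parser below, which serves the INF/Autorun and INF/Conficker entries above, is an added example for this page and not code from the original article or from any vendor; the two sample files are constructed (the RECYCLER path, the rundll32 trick and the spoofed "Open folder" text are the kinds of indicators seen in such files, but the sample is not a capture).

```python
"""Triage an autorun.inf file for the directives INF/Autorun-style droppers
rely on. Added example for this page, not code from the original article or
from any vendor; the sample files below are constructed, not captures."""
import re
from typing import Dict, List

# Keys that make Windows run something on insert or on double-click.
LAUNCH_KEYS = ("open", "shellexecute")
COMMAND_KEY = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Payloads are commonly parked where Explorer hides them by default.
HIDDEN_DIRS = re.compile(
    r"(^|\\)(recycler|recycled|\$recycle\.bin|system volume information)(\\|$)",
    re.IGNORECASE)
# Text that imitates the AutoPlay entry Windows itself shows for a drive.
SPOOFED_ACTIONS = ("open folder to view files",)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section, keys lower-cased.

    Droppers pad the file with junk lines and mixed case to defeat naive
    string matching, so the parser skips anything that is not key=value
    inside the section instead of rejecting the file."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def _rundll32_without_dll(command: str) -> bool:
    """True when rundll32 is told to load a file whose name is not *.dll,
    a common trick for running a disguised payload."""
    m = re.match(r"\s*(?:.*\\)?rundll32(?:\.exe)?\s+(\S+)", command, re.IGNORECASE)
    return bool(m) and not m.group(1).split(",")[0].lower().endswith(".dll")


def triage(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing launches."""
    entries = parse_autorun(text)
    launches = {k: v for k, v in entries.items()
                if k in LAUNCH_KEYS or COMMAND_KEY.match(k)}
    findings: List[str] = []
    if launches:
        findings.append("launches a program on insert or double-click: "
                        + "; ".join(f"{k}={v}" for k, v in sorted(launches.items())))
    if any(HIDDEN_DIRS.search(v) for v in launches.values()):
        findings.append("payload stored in a recycle-bin or system directory")
    if any(_rundll32_without_dll(v) for v in launches.values()):
        findings.append("rundll32 loads a file without a .dll extension")
    if "shell\\open\\command" in launches:
        findings.append("double-clicking the drive in Explorer runs the payload")
    if entries.get("action", "").lower() in SPOOFED_ACTIONS:
        findings.append("AutoPlay prompt text imitates the Windows default entry")
    return findings


# Constructed dropper-style file: every trick above in one place.
DROPPER = """\
[AutoRun]
;constructed sample, not a real capture
OPEN=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command=RECYCLER\\setup.exe
shell\\explore\\command=rundll32.exe RECYCLER\\data.bin,Start
action=Open folder to view files
"""

# Constructed benign installer CD: launches a program, but nothing else is off.
BENIGN = """\
[autorun]
open=setup.exe
icon=setup.exe,0
label=Driver CD
"""

if __name__ == "__main__":
    for name, sample in (("dropper", DROPPER), ("benign", BENIGN)):
        print(name, triage(sample))
```

Run on the two samples, the benign CD yields a single finding (it launches setup.exe, which is what an installer is for), while the dropper trips all five checks. The single-finding case is the reason the script reports indicators rather than a verdict: an "open=" line alone is normal for pressed media, and it is the hidden payload directory, the rundll32 abuse and the redirected Explorer actions that mark a file as malicious.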