Dr Web Internet Security 2012

January 2013 virus activity review from Doctor Web

February 4, 2013

The first month of 2013 sprang no surprises. Apparently, virus makers were slow to get back to work after the Christmas holidays. Another outbreak of Trojan.Mayachok programs became the main trend in January, which also saw a number of new threats to Windows and Android.

Viruses

Trojan.Mayachok.2 became the undisputed leader among malware detected by Dr.Web CureIt!

Recall that, known to Dr.Web since spring 2011, stands apart from other versions of this rather common malware. It is a VBR bootkit, which means that the Trojan infects NTFS Volume Boot Records. It incorporates drivers for both 32-bit and 64-bit versions of Microsoft Windows. The program's main objective is to block Internet access and display a web page in the browser that prompts users to download a security update. To get the update, users must submit their phone number and enter a confirmation code delivered in a reply SMS. Thus, the victim becomes subscribed to a chargeable service, and a fee will be regularly debited from their mobile phone account.

Since the malicious object that replaces web pages loaded in the browser resides in memory, reinstalling the browser, resorting to the System Restore feature and running Windows in safe mode won't rid the system of the Trojan.

The infection is best treated by scanning the infected computer with Dr.Web CureIt! or Dr.Web LiveCD. A detailed technical analysis of the threat can be found in one of our.

Conversely, the number of Trojan.Mayachok detections by Dr.Web CureIt! in RAM was rather high (over 40,000 instances). Also detected frequently in January was.

Fake installers, detected by Dr.Web as, are still frequently being found on machines as are programs. A list of the top 20 most common threats detected on desktops and laptops by Dr.Web CureIt! in January 2013 is presented in the table below:

Name | %
Trojan.MayachokMEM.4 | 4.85
 | 2.39
 | 2.26
 | 1.50
 | 0.94
 | 0.87
 | 0.85
 | 0.75
 | 0.71
 | 0.66
 | 0.64
 | 0.60
 | 0.59
 | 0.54
 | 0.53
 | 0.47
 | 0.46
 | 0.46
 | 0.45
 | 0.45

Black.Energy reborn

In January 2013, Doctor Web discovered a new version of the Trojan BlackEnergy that was dubbed. The breakdown of the BlackEnergy botnet, the largest botnet designed to send spam, was reported by many world media outlets in summer 2012. The botnet was capable of sending as many as 18 billion messages per day at its peak period of activity. But, thanks to the joint efforts of information security activists, by autumn of last year, the botnet's main controlling servers were shut down, and by December, the botnet ceased to operate completely.

However, in January 2013, criminals attempted to create a new botnet with the malware. Unlike its previous editions in the malware family, has its configuration file encrypted and stored in the dynamic-link library whose code is injected into the process svchost.exe or explorer.exe when the Trojan is launched.


In addition, the criminals slightly modified the network protocol used by to communicate with the control center. At first, the criminals didn't send any commands to the bots. Apparently, they expected the growing botnet to reach a certain number of zombie machines. However, they soon employed it to mount a DDoS attack on one of the most popular Russian entertainment sites. The Trojan was discovered while Doctor Web's virus analysts were monitoring another large botnet, Backdoor.Andromeda.


More detailed information about this threat can be found in news stories.

Threats to Android

The wide popularity of mobile devices running Android has led to a natural increase in interest on the part of criminals in personal information stored on such devices.


A trend toward increased growth in the quantity of malware and riskware designed to retrieve confidential information was noted starting in 2012 and persisted in early 2013.

Another Trojan for Android designed to steal information from phone books on devices belonging to Japanese users was discovered at the beginning of January. Like other similar malicious applications, Android.MailSteal.2.origin is distributed by means of spam emails that prompt users to install one or another useful program. Clicking on the link brings careless users to a site that simulates Google Play's official catalogue, and here, they can unsuspectingly install the Trojan on their device. It is worth mentioning that criminals attempt to give their victims freedom of choice by offering several different applications, but all of them contain the same malware.

Android.MailSteal.2.origin uses a standard approach to disguise its operation: when launched, it notifies the user that it is performing an initial configuration, but after a while, it reports that it was unable to run on the target mobile device. Simultaneously, it covertly searches for contact information and, when found, transmits the relevant data, such as email addresses and phone numbers, to a remote server. The acquired information can later be used by criminals in their spam campaigns or sold on the black market.

In January Doctor Web's virus analysts also discovered a significant number of new commercial spyware programs: Program.SpyMob.origin, Program.MSpy.2.origin, Android.Phoggi.1.origin, Program.OwnSpy.1.origin, Program.Copyten.1.origin, and Program.Spector.1.origin. In addition, the virus databases have been updated to include definitions for modifications of spyware programs for the BlackBerry mobile platform. These were dubbed BlackBerry.Phoggi, Program.Spector.1, Program.Spector.2, and Program.Spector.3.

Recall that commercial spyware can control various features of a mobile device: such programs can monitor SMS communications and incoming and outgoing phone calls, and acquire a device's GPS coordinates. Such programs are often used without the knowledge of the device's owner, so the owner's personal information can be at risk.

The wide variety of spyware found in January indicates that such services are in high demand, and that the number of such programs will grow steadily.

Other threats in January

In early January 2013 Doctor Web discovered a new Trojan called BackDoor.Finder, which is located predominantly in the USA. The Trojan injects its code into the processes of the most popular browsers (Microsoft Internet Explorer, Mozilla Firefox, Maxthon, Chrome, Safari, Mozilla, Opera, Netscape and Avant), intercepts queries to various search engines (google.com, bing.com, yahoo.com, ask.com, search.aol.com, search.icq.com, search.xxx, www.wiki.com, www.alexa.com or yandex.com) and displays links to sites designed by hackers instead of search results. More information about this threat can be found in one of our.

BackDoor.Butirat.245, a program belonging to a well-known malware family, was also discovered in January. When commanded by intruders, this malware can download and launch executables in an infected system and steal passwords stored by popular FTP client software. For additional information about this threat, please refer to a.

Doctor Web is the Russian developer of Dr.Web anti-virus software.


We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies to detect and cure malware. Our anti-virus protection system allows the information systems of our customers to be protected from any threats, even those still unknown.

Doctor Web was the first company to offer an anti-virus as a service and, to this day, is still the undisputed Russian market leader in Internet security services for service providers. Doctor Web has received state certificates and awards; our satisfied customers spanning the globe are clear evidence of the high quality of the products created by our talented Russian programmers.
