
Malware

This taxonomy definition refers to so-called "malware", i.e. unwanted software which gets installed on a PC without the user's consent, knowledge or full understanding.

Problem description

There is a multitude of different types of malware. The Wikipedia article on malware as well as TechTarget have good articles on the types, purposes and effects of the different kinds of malware. Our taxonomy definition of "malware" encompasses any type of infection on a PC, server or device which is connected to the Internet.

In order to help remediation efforts, CERT.at will always add a more specific hint (fields "malware.name" and "taxonomy.identification") about which type of malware the report concerns (disclaimer: as known to CERT.at; we do not inspect individual PCs or devices to verify whether the claim of a malware infection is true or not).

The following table lists the 20 most common types of malware in our CERT.at reports (as of Nov 2017).

Count   Malware family name
93630   sprotect
93145   adware
74780   zeus
72570   genieo
64856   crossrider
59932   pirrit
58330   botnet
52406   nivdort
43014   conficker_b
24307   conficker
18852   necurs
15619   ramnit
15564   mobidash
12255   virut
8023    androidbauts
6293    sality
5792    zeroaccess
5259    4shared
5181    pushdo
4694    multiplug

The count column denotes the number of occurrences in our database for the interval Jan 2017 - end of Oct 2017. Please also note that there is no common schema for malware family names. Hence, the names are as we received them.

Checks

There is no gold standard for checking against a malware infection, since each type of malware might use different techniques. However, there are a couple of general principles which we can recommend:
  • Boot the PC from a known good read-only medium (such as a CD-ROM, DVD, ...) which contains a set of Antivirus (AV) tools.
  • Run these tools in order to check an infected PC.
  • Look out for other tell-tale signs of infection: suspicious network traffic, hashes of binary programs, etc.
  • In some cases, re-installation from a known good software release might be the only remaining option.
  • In some (as of the time of this writing) rather rare cases, hardware implants (or rogue BIOS / firmware updates) might exist. These will be rather undetectable for non-specialists.
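The "hashes of binary programs" check above is easiest to act on when a baseline of file hashes was taken while the system was in a known good state. The following script is an added example (it is not CERT.at code and is not part of the original page): it builds a SHA-256 baseline of every regular file under a directory, then compares the current tree against that baseline and reports files that were modified, added or removed. The directory layout and file contents in run_demo() are constructed for illustration only.

```python
"""Baseline-and-verify file hashes (added example, not CERT.at's own tooling)."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (path relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # hash real files only; skip links and special files
            baseline[str(p.relative_to(root))] = sha256_file(p)
    return baseline


def verify_baseline(root: Path, baseline: dict) -> dict:
    """Compare the current tree against a baseline taken while the system was known good.

    Returns sorted lists of files whose content changed, files that appeared
    since the baseline was taken, and files that have disappeared.
    """
    current = build_baseline(root)
    modified = sorted(f for f in baseline if f in current and current[f] != baseline[f])
    added = sorted(f for f in current if f not in baseline)
    missing = sorted(f for f in baseline if f not in current)
    return {"modified": modified, "added": added, "missing": missing}


def run_demo() -> dict:
    """Construct a small tree, take a baseline, simulate changes, and verify.

    The file names and contents below are constructed sample data, not real binaries.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF-known-good")
        (root / "bin" / "helper").write_bytes(b"\x7fELF-helper")
        baseline = build_baseline(root)

        # Simulate the kind of change an infection can leave behind:
        # a replaced binary, a newly dropped file, and a removed file.
        (root / "bin" / "tool").write_bytes(b"\x7fELF-tampered")
        (root / "bin" / "dropper").write_bytes(b"\x7fELF-new")
        (root / "bin" / "helper").unlink()

        return verify_baseline(root, baseline)


if __name__ == "__main__":
    for category, files in run_demo().items():
        print(f"{category}: {files}")
```

Two points tie this back to the principles above. First, the baseline must be stored off the machine (or on read-only media), since anything writable on a compromised host could itself be altered. Second, hashing from inside a running, possibly infected operating system is unreliable, as a rootkit can hide or substitute files; running the comparison after booting from a known good read-only medium avoids that.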

Note well

CERT.at will only report a suspected malware infection based on the reports which we receive. We do not check these reports thoroughly. Rather, we pass these reports of indicators of compromise (IoCs) as-is to our constituency as quickly as possible so that you can inspect these IoCs directly. Hence we can give no guarantees for the correctness of the IoCs. We welcome feedback in any case, however.

Solution

Make sure that the PC or device is in a guaranteed clean state.
Last Change: 2018/1/16 - 14:21:49