QUICK HEAL QUARTERLY THREAT REPORT | Q2 2018 www.quickheal.com QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Contributors • Quick Heal Security Labs • Quick Heal Marketing Team QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Table of contents Introduction 01 About Quick Heal 02 About Quick Heal Security Labs 02 Windows 1. Quick Heal Detection on Windows | Q2 2018 04 2. Windows Malware Detection in Q2 2018 05 3. Top 10 Windows Malware 06 4. Category-wise Windows Malware Detection 10 5. Top 10 Potentially Unwanted Applications (PUA) and Adware 11 6. Top 10 Windows Exploits 12 7. Trends in Windows Security Threats 14 Android 1. Quick Heal Detection on Android | Q2 2018 18 2. Top 10 Android Malware of Q2 2018 19 3. Android Security Vulnerabilities Discovered in Q2 2018 23 4. Trends in Android Security Threats 24 Conclusion 25 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Introduction In the second quarter of 2018, Quick Heal Security Labs detected over 180 million Windows malware. May clocked the highest detection - on a daily basis, Quick Heal detected around 2,004,728 malware, 16,165 ransomware, 141,079 exploits, and 40,488 PUA & adware. The Trojan horse family retained its position as the most dominant malware in the entire quarter. It grew 4.03% compared with its detection in Q1 2018. The top malware of the year is a destructive Trojan called Trojan.Starter.YY4. Quick Heal Security Labs noticed a spike in EternalBlue exploit (used in the biggest ransomware attack in 2017 – WannaCry). Other important trends include the increase of MBR (Master Boot Record) infecting ransomware and cryptocurrency mining. The most worrying trend, however, is cryptojacking – experts are calling it the new ransomware. Quick Heal Security Labs recorded over 631,000 detection (malware + PUA + adware) on the Android OS in Q2 2018. The PUA (Potentially Unwanted Application) family comprised 46.2% of the total detection of the year. The main trends observed in the Android threat landscape include the rise in cryptocurrency mining malware and banking Trojans that are targeting popular banking and social media apps. 1 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 About Quick Heal Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) is one of the leading IT security solutions company. Each Quick Heal product is designed to simplify IT security management for home users, small businesses, Government establishments, and corporate houses. About Quick Heal Security Labs A leading source of threat research, threat intelligence and cybersecurity, Quick Heal Security Labs analyses data fetched from millions of Quick Heal products across the globe to deliver timely and improved protection to its users. www.quickheal.com Follow us on: 2 WINDOWS 3 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Malware Per Day: 2,004,728 Per Hour: 83,530 Per Minute: 1,392 Ransomware Per Day: 16,165 Per Hour: 674 Quick Heal Per Minute: 11 Detection on Exploit Per Day: 141,079 Per Hour: 5,878 Windows Per Minute: 98 Q2 2018 PUA and Adware Per Day: 40,488 Per Hour: 1,687 Per Minute: 28 Cryptojacking Malware Per Day: 13,427 Per Hour: 559 Per Minute: 9 Source: Quick Heal Security Labs 4 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Windows Malware Detection in Q2 2018 The below graph represents the statistics of the total count of malware detected by Quick Heal during the period of April to June in 2018. Windows malware detection count in Q2 2018 80M 74M 70M 60M 55M 51M 50M 40M 30M 20M 10M K Apr May June Fig 1 Observations • Quick Heal detected over 180 million Windows malware in Q2 2018. • May clocked the highest detection of Windows malware. 5 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Top 10 Windows Malware Fig 2 represents the top 10 Windows malware of Q2 2018. These malware have made it to this list based upon their rate of detection from April to June. Top 10 Windows malware of Q2 2018 6% Trojan.Starter.YY4 6% 14% LNK.Exploit.Gen 6% W32.Sality.U LNK.Browser.Modifier 7% 14% LNK.Cmd.Exploit.F W32.Ramnit.A 7% W32.Pioneer.CZ1 13% W32.Virut.G 13% W32.Brontok.Q 13% Trojan.Suloc.YY4 Fig 2 6 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 1. Trojan.Starter.YY4 Threat Level: High Category: Trojan Method of Propagation: Email attachments and malicious websites Behavior: • Creates a process to run the dropped executable file. • Modifies computer registry settings which may cause the infected system to crash. • Downloads other malware like keyloggers and file infectors. • Slows down the booting and shutting down process of the infected computer. • Allows hackers to steal confidential data like credit card details and personal information from the infected system. 2. LNK.Exploit.Gen Threat Level: High Category: Trojan Method of Propagation: Bundled software and freeware Behavior: • It is a destructive Trojan virus that could hide in spam email attachments, malicious websites and suspicious pop-ups. • This kind of virus can be installed on Windows systems by using illegal browser extensions. • It changes some of the system files without the user knowing about it. Next time the user launches the Windows system, this virus will run in the system background and spy on their activities. In order to redirect the user to dubious websites, the virus modifies system hosts file and hijacks the IP address. 3. W32.Sality.U Threat Level: Medium Category: Polymorphic file infector Method of Propagation: Removable or network drives Behavior: • Injects its code into all running system processes. It then spreads further by infecting the executable files on local, removable, and remote shared drives. • Tries to terminate security applications and deletes all files related to any security software installed on the system. • Steals confidential information from the infected system. 7 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 4. LNK.Browser.Modier Threat Level: High Category: Trojan Method of Propagation: Bundled software and freeware Behavior: • Injects malicious codes into the browser which redirects the user to malicious links. • Makes changes to the browser’s default settings without user knowledge. • Generates ads to cause the browser to malfunction. • Steals the user’s information while browsing like banking credentials for further misuse. 5. LNK.Cmd.Exploit.F Threat Level: High Category: Trojan Method of Propagation: Email attachments and malicious websites Behavior: • Uses cmd.exe with ""/c"" command line option to execute other malicious files. • Executes simultaneously a malicious .vbs file with name "help.vbs" along with a malicious exe file. • The malicious vbs file uses Stratum mining protocol for Monero mining. 6. W32.Ramnit.A Threat Level: Medium Category: Virus Method of Propagation: USB Drives, other malware, Exploit Kits, Spoofing the URL, and Bundled applications Behavior: • This malware has several components embedded within it. After installer is dropped or downloaded, it drops its various components in memory or disk. Each component has specified task. This will also speed up the process of infection. • It infects all running processes. • It also infects HTML files by appending script in it while in the case of PE file infection it appends itself in the file. • It modifies registry entries to ensure its automatic execution at every system start up. 7. W32.Pioneer.CZ1 Threat Level: Medium Category: File Infector Method of Propagation: Removable or network drives Behavior: • The malware injects its code to files present on disk and shared network. 8 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 • It decrypt malicious dll present in the file & drops it. • This dll performs malicious activities and collects system information & sends it to a CNC server. 8. W32.Virut.G Threat Level: Medium Category: File infector Method of Propagation: Bundled software and freeware Behavior: • Creates a botnet that is used for Distributed Denial of Service (DDoS) attacks, spam frauds, data theft, and pay-per-install activities. • Opens a backdoor entry that allows a remote attacker to perform malicious operations on the infected computer. • The backdoor functionality allows additional files to be downloaded and executed on the infected system. 9. W32.Brontok.Q Threat Level: Medium Category: Worm Method of Propagation: Spreads through emails or infected USB & network drives Behavior: • This worm spreads through emails or infected USB drives. • It stores several copies of itself on different places on the hard disk, including system directories. • It gains persistence by modifying registry keys and creating an entry in the Startup directory. • It modifies several system configuration parameters to disable the registry editor and command prompt. • It also modifies the safe boot shell to prevent the user from cleaning the machine. 10. Trojan.Suloc.YY4 Threat Level: Medium Category: Trojan Method of Propagation: Bundled software and malicious websites Behavior: • Copies itself on the targeted drive, and startup drive. • Modifies registry entries to execute itself automatically and hides file extensions. • Nested process continuously queries the information of dropped files and copies itself in download folder. 9 QUICK HEAL QUARTERLYANNUAL THREAT THREAT REPORT REPORT | |Q2 2018 2018 Category-wise Windows Malware Detection Fig 3 represents the various categories of Windows
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages28 Page
-
File Size-