http://totaldefense.com/malware-information-center.aspx TOP 5 VIRUSES support@totaldefense.com en-us New malware emerged recently attacking Android (and Windows via USB). Main capabilities: Steals information and downloads files File size: 330,984 bytes File type: APK This malware comes up being a "system solution" that supposedly assists with accelerating your system. Right after set up, it displays an image launcher. After the harmful application is launched, the user will discover its homescreen. The application offers a number of different “clean options” for the user to select, however they really practically do nothing at all other than display an activity bar. Concurrently, the malware begins a service that is harmful throughout the background. It signs up a location listener to gather as well as upload location details via HTTP to a server. It additionally gets instructions from a C&C server. The protocol utilized by the malware to communicate to the C&C server is a unique one. The malware executes a number of functionalities: •Send and Delete SMS messages •Steal contact information •Track location via GPS device •Make phone calls •Execute commands Why is this malware special is the control usb-autorun-attack. Following this control the malware will down load a few files from its server and also save them with inside the SD card. Among the files saved is a traditional Windows auto-run malware thus when the user chooses the USB setting on the cellular device and attaches with a Windows platform, the auto-run malware will operate instantly on Windows. This auto-run is made to record voice and report to the server. http://totaldefense.com/virusinfo/virus.aspx?id=191757 http://totaldefense.com/virusinfo/virus.aspx?id=191757 The worm is written in Visual Basic using complicated encryption engine. It allocates memory, decrypts code and proceeds to work in decrypted blocks. When a USB drive is inserted or network drive shares are available, the worm changes the attributes of directories and files with following extensions creates EXE files named after the hidden objects. Unlike previous variants of the worm that create files with double extension, these names are not catched by existing detection by name but is done at upper level of the directory structure, not recursively. http://totaldefense.com/virusinfo/virus.aspx?id=191756 http://totaldefense.com/virusinfo/virus.aspx?id=191756 Win32/Nechiod.A Trojan attempts to download and execute malicious files from remote location. http://totaldefense.com/virusinfo/virus.aspx?id=191750 http://totaldefense.com/virusinfo/virus.aspx?id=191750 Win32/Kuluoz.BN Trojan is basically downloader that attempts to be backdoor server. It attempts to download various files like password stealers and rogue security malware (from Win32/FakeAV and Win32/Winwebsec). http://totaldefense.com/virusinfo/virus.aspx?id=191751 http://totaldefense.com/virusinfo/virus.aspx?id=191751 “Win32/DistTrack.A” is detection for the Trojan that steals system information and overwrites the Master boot record and other system files, so that the user cannot access the system. http://totaldefense.com/virusinfo/virus.aspx?id=191752 http://totaldefense.com/virusinfo/virus.aspx?id=191752