Last month’s most prevalent web threats, according to McAfee Avert Labs, were VBS/Psyme, Adware-ZangoSA and Expolit-ByteVerify, which, it says, infected about 5% of PCs.
The VBS/Psyme Trojan, for example, is now circulating as a new variant – part of a attack that attempts to spread on the premise that it offers a codec to see a video of the suicide attack that killed Pakistani Prime Minister Benazir Bhutto.
Recently, this threat was proactively detected on a major Korean website. The exploit was hidden in an legitimate webpage that McAfee believes to have been subjected to unauthorised modifications. Similar incidents had been reported before, it says, on other less well known websites.
The threat causes unpatched Internet Explorer clients to download and execute further malware. In this case, 5.54% of PCs scanned were infected.
Meanwhile, Expolit-ByteVerify (also a Trojan) involves Java applets that attempt to exploit the Microsoft Security Bulletin MS03-011 vulnerability. McAfee says this vulnerability is considered to be critical because it allows an attacker to execute malicious code, simply by visiting an infectious website.
“Detections of this exploit do not necessarily mean that any malicious code was executed. It simply means that a Java applet was found to contain the exploit code. Conversely malicious code may have been run, which could result in any number of modifications to the system,” says McAfee.