Drive Malware
Posted: June 24, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 99 |
| First Seen: | June 24, 2013 |
|---|---|
| OS(es) Affected: | Windows |
A significantly updated version of the Dirtjumper Trojan, a malware called Drive uses sophisticated means of launching website-crashing Distributed-Denial-of-Service attacks by using a compromised PC's resources. SpywareRemove.com malware experts have confirmed current estimates of Drive infections at over one thousand separate PCs, but Drive's distribution in malware forums currently is limited and may experience a boost in the near future. Denial-of-Service or DDoS attacks are most well-known for disabling a website with simulated traffic, but Drive also may cause side effects on the infected PC, such as system instability. Detecting intentionally-hidden Trojans like Drive can be done most effectively with anti-malware products that are able to find and delete Drive, like other remote-controlled Trojans, via general system scans for malicious software.
Drive: Driving Your Favorite Sites to a Highway to Hell
Drive's recent ancestor, Dirtjumper, first was discovered in the middle of 2011 – but has experienced fairly regular updates and newly-recurring variants since that time, with Drive as one of the latest of Dirtjumper's offspring. Drive's attacks are, anticlimactically, very similar in function to that of the original Dirtjumper, and exploit the resources of an infected computer to crash websites that criminals specify through Command & Control server-based instructions (the same type of security compromise that often is abused by backdoor Trojans for other attacks, such as stealing personal information or downloading other malware).
However, Drive possesses what SpywareRemove.com malware researchers consider an unusual degree of sophistication in the structure of its DDoS attacks. Drive's attacks can use multiple types of flooding (artificial website traffic boosts), including UDP, GET and 2 Post variants. Drive also may be instructed to attack numerous different websites during a certain period, although currently only a handful of high-profile sites (a news site, a search engine, various financial companies and an online store) have been confirmed as targets of Drive attacks so far. Once targeted, a website will crash from Drive's flood of fake traffic, causing it to be unusable temporarily – which SpywareRemove.com malware researchers often find to be associated with additional attacks that target the financial details of relevant companies (such as banks).
Driving Your Drive Right Off the Road
Drive isn't being distributed very widely so far, but still has succeeded in infecting hundreds of computers to date despite its recent emergence onto the malware scene. Although SpywareRemove.com malware experts don't rate Drive as an extreme security threat to an infected PC, Drive does have a high chance of being installed with other PC threats that are designed to take advantage of your computer in ways that are more personal than just using your computer to attack random websites. Ultimately, Drive should not be expected to be detectable by eye, and competent anti-malware software should be used for finding and deleting Drive, and any other Trojans that could have been installed with Drive.
Specific defenses that website administrators can take against Drive's DDoS attacks are beyond the scope of this article, but SpywareRemove.com malware experts do stress that Drive's impressive arsenal of advanced flooding techniques does make the point that the ongoing war between criminals and website security maintainers is still in full swing.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.