
Win32/Olmarik.AYD

Posted: February 3, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 91
First Seen: February 3, 2012
OS(es) Affected: Windows

Win32/Olmarik.AYD is a new variant of the TDL4 boot sector-based rootkit (also known as a bootkit) that hijacks your computer's resources for click fraud and includes multiple components that run without your permission. Win32/Olmarik.AYD can also be reconfigured to carry out other attacks and may be bundled with installation files for Adobe software. SpywareRemove.com malware researchers recommend that you never download software updates from unusual sources, since these can serve as infection vectors for Win32/Olmarik.AYD. Because of its advanced system changes, its multiple components and the likelihood of additional PC threats (such as an accompanying Trojan dropper), Win32/Olmarik.AYD should be removed by advanced anti-malware applications. Components of Win32/Olmarik.AYD gain access by posing as trusted processes and should be considered serious violations of your computer's security until they're removed.

Purple Haze and Win32/Olmarik.AYD: a Good Song for Bad Software

Win32/Olmarik.AYD, nicknamed 'Purple Haze' because of a tag in its configuration file that references the song, is a new version of TDL4 with modifications to its structure and functions. Win32/Olmarik.AYD has been noted to be distributed by Trojan droppers that also install a legitimate copy of Adobe Flash Player; the legitimate installer is used as cover for gaining privileged access to your PC. Exposure to potential infection vectors for Win32/Olmarik.AYD can be minimized by avoiding software updates unless you're certain that they come from safe websites, particularly in the case of updates for media players.

At least one Win32/Olmarik.AYD attack has been observed to target Windows 64-bit systems specifically, although SpywareRemove.com malware researchers also warn that most of Win32/Olmarik.AYD's functions appear to be operational on 32-bit versions of the OS as well. Win32/Olmarik.AYD's payload can differ according to its configuration instructions, but previous Win32/Olmarik.AYD attacks have been found responsible for browser redirect attacks (particularly of search results), pay-per-click fraud and the installation of other PC threats.

Waving Off Win32/Olmarik.AYD's Fog

Win32/Olmarik.AYD, as an update to a multi-component rootkit, will never be installed alone and will always be accompanied by other Olmarik components, as well as possibly additional PC threats that Win32/Olmarik.AYD downloads and installs without your consent. SpywareRemove.com malware researchers recommend that you delete Win32/Olmarik.AYD and the other components of an Olmarik-based rootkit by using the best anti-malware applications at your disposal, since manually reversing all of the changes made by Win32/Olmarik.AYD is, at best, an onerous task. Related PC threats include Win32/Olmarik.AWO, Win32/Olmarik.AXW, Win32/Olmarik.ADA, Win32/Olmarik.IX, Win32/Olmarik.IF and Win32/Olmarik.HC.

As of February 2012, many PC security companies have only recently released a definition update for Win32/Olmarik.AYD. If you have difficulty detecting Win32/Olmarik.AYD or related PC threats, you may want to consider updating your anti-malware scanner or switching to a scanner that's confirmed to have a definition for Win32/Olmarik.AYD. Because Win32/Olmarik.AYD has been modified significantly from previous versions of TDL4, including a distinctive lack of encryption, heuristic detection methods tuned to earlier variants may not be able to uncover Win32/Olmarik.AYD.
