|
|
| Home | Antiviruses | Articles | Anti-spam | Forum | Scan | Buy |
Virus Top 20 for May 2008 from Kaspersky Lab -- Posted by Igor_Donchenko on Thursday, June 5 2008
The May 2008 Email Top Twenty is a short one; this is explained by the well-known fact that virus writers take a break over the summer months. The complete absence of any epidemics in mail traffic, which is obvious from even a cursory glance at this month's rankings, bears this out. In fact, the only significant change to the rankings was caused by the re-entry of a few worms which have been in circulation for several years now. Trojan-Downloader programs such as Agent.ica, Agent.hsl, and Diehard that were active during the first four months of 2008 disappeared without trace in May. The Warezov and Zhelatin worms have not reappeared since dropping out of the Top Twenty back in February. The authors have stopped sending out the executable components of the worms by email, confining themselves to distributing the code via links on infected websites. This does mean that the threat posed by malicious code in email has declined. However, phishing and spam continue to pose very real threats and have the potential to create just as big a problem for the end user. Other malicious programs made up a significant percentage (12.15%) of all malicious code found in mail traffic. Summary
Online Scanner Top Twenty for May 2008 from Kaspersky Lab -- Posted by Igor_Donchenko on Wednesday, June 4 2008
The statistics produced by the online scanner in May 2008 are nothing short of revolutionary. Virtumonde.gen, which has been the unquestionable leader throughout 2008, has completely disappeared from view. Worms from the Bagle family, together with several variants of Trojan.Win32.Dialer, have also dropped out of the Top Twenty. They have been replaced by a new generation of malicious programs - file viruses, which are, unfortunately, much more dangerous. These new entries came in at 3 and 4 (variants of the Allaple worm), 2 and 10 (variants of Virut), 12 (Xorer) and 20 (Alman.b). Never before have file viruses enjoyed such success, with six entries and three different families in our Top Twenty rankings. Of this group, the Virut viruses pose the most serious threat. In April, we mentioned that these programs are bots used to build zombie networks. Infected computers can be used to conduct DDoS attacks, send spam and distribute new malicious programs. In comparison, even the ranking's veterans, the Brontok.q and Rays worms, seem relatively innocuous. Brontok has surrendered top place to the Trojan-Downloader program Pendix.d. We first detected this Trojan back in December 2007, but it is only now that its spread has reached epidemic levels. Both variants of the Chinese backdoor program Hupigon, and programs from the Trojan Spy OnlineGames family (which are designed to steal online game accounts), also disappeared from the rankings after several months of activity. Summary
BitDefender Lab's Top 10 Malware List for April Dominated by Malware Packers -- Posted by Igor_Donchenko on Friday, May 30 2008
Source: http://www.bitdefender.com
Online Scanner Top Twenty for April 2008 from Kaspersky Labs -- Posted by Igor_Donchenko on Wednesday, May 28 2008
At last, there's been a change in the three malicious programs leading our Online Top Twenty. After two months in first place, the adware program Virtumonde has slipped to second, while the other two programs which kept it company at the top in February and March fell further down the rankings. April's surprise was the veteran worm Brontok.q - after a third place finish at the end of 2007 and after hovering around sixth place for most of 2008, the worm shot to the top of the rankings. It took advantage of the previous leader experiencing a significant drop from 4.32% in March to 1.58% in April. This suggests that Virtumonde's authors have eased off the rate at which they are circulating their malicious creation. The classic file virus, Virut.n, increased its share for the second month in a row: it now ranks just below the top three. The rise of two places in April follows a jump of ten places in March. The authors of Virut.n authors are obviously continuing to develop this malicious program and it's not difficult to see why. Virus.Win32.Virut.n is not simply a file infector created by a virus writer for amusement - it's primarily a bot for creating zombie networks. The latter are, of course, becoming increasingly popular and profitable in the world of cybercrime. Incidentally, the only other version of the Virut virus in the Top Twenty - Virut.q - is keeping its namesake company just below in fifth place. It will be interesting to see if one of those two can claim top spot in the coming months. Among the newcomers to the rankings two programs stand out: the Chinese backdoor program Hupigon.vnd and the Trojan-PSW.Win32.OnLineGames.isb, which is designed for stealing accounts to a range of popular online games such as World Of Warcraft, and Lineage. April's Top Twenty shows the continued dominance of malicious programs which are primarily designed to steal a wide range of user passwords. Summary
Virus Top 20 for April 2008 from Kaspersky Labs -- Posted by Igor_Donchenko on Saturday, May 24 2008
In April 2008, malicious code in mail traffic underwent significant changes in comparison to the previous month. Net-Womr.Win32.Mytob.t and Email-Worm.Win32.Mydoom.m, which had been pushing their way to the top by jumping ten places last month suddenly appeared to run out of steam: one slid back down the rankings, while the other disappeared off the bottom of the table altogether. At the same time, new malicious programs appeared in the Top Twenty, something which didn't happen in March. The most recent mass mailing of the Diehard Trojan took place in February, and it seems that the authors are taking a break from spreading their creation widely. Our suppositions in March that this Trojan might end up lying low, rather than actively attacking, seem to be borne out by the absence of the program from this month's Top Twenty. Once again, it's worms that have been around for some time which are out in full strength, with a range of modifications of Email-Worm.Win32.Netsky taking up seven out of twenty places in the rankings. This could be seen as a certain measure of success for the virus writers, especially if you consider that these modifications made up almost 64% of all infected mail traffic in April. Trojan-Downloader.Win32.Small.hsl, which appeared in February and which rose to fifth place, has disappeared, being replaced by Trojan-Downloader.Win32.Agent.ica. However, the displacement of one Trojan-Downloader program by another is mere coincidence: the two programs have nothing in common, being constructed in completely different ways and created using different versions of Microsoft Visual Studio. Neither Zhelatin (a.k.a. the Storm Worm) nor Warezov, which vanished from the rankings in February, have returned. It seems their authors may have decided against spreading their creations by using email attachments. Overall, the picture created by the April 2008 statistics once again confirms the fact that new malicious programs are not being sent as attachments to emails. This tried and tested method, which is very resource intensive (at least when carrying out the initial mass mailing) is mainly used by the veteran malicious programs – those with email worm functionality. It's only rarely that we see Trojan-Downloader programs that put in a brief appearance in the Top Twenty; this is probably the result of mass mailings being conducted by malicious users who are new to the scene. Overall, malicious programs made up 0.95% of all mail traffic scanned by Kaspersky Lab systems in April 2008. Other malicious programs made up a certain percentage (4.06%) of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation. Source: kaspersky.com
Powered by Coranto
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Virus and security arcticles
 
|
|
|||
| © AntivirusWorld.com |