Malware reports

Monthly Malware Statistics for August 2008

Table of Contents

In its second month of compiling data, the new Kaspersky Security Network (KSN) technology revealed some significant changes amongst the most widespread malicious programs.

The first table is based on statistics provided by our 2009 antivirus products. This table shows the malicious programs detected on users’ computers.

Position Change in position Name
1 0 Trojan.Win32.DNSChanger.ech
2 New Trojan.Win32.Pakes.kab
3 New Trojan-Downloader.Win32.Agent.xqz
4 New Trojan-Downloader.Win32.Agent.yaw
5 New Trojan-Downloader.Win32.Agent.xws
6 New Trojan-Downloader.Win32.Small.zie
7 New Trojan-Downloader.Win32.Agent.xna
8 New Trojan-Downloader.JS.Agent.chk
9 New Trojan.Win32.Agent.tfc
10 6 not-a-virus:AdWare.Win32.BHO.ca
11 New not-a-virus:AdWare.Win32.Agent.cp
12 -3 Trojan.Win32.Agent.abt
13 New Trojan-Dropper.Win32.Agent.tbd
14 New not-a-virus:AdWare.Win32.BHO.sc
15 New not-a-virus:AdWare.Win32.BHO.vp
16 New Trojan-GameThief.Win32.OnLineGames.sjbb
17 New Trojan-Clicker.Win32.Agent.bkd
18 1 Trojan.Win32.Chifrax.a
19 New Trojan.RAR.Qfavorites.a
20 New Trojan-GameThief.Win32.OnLineGames.sgpq

 

Despite the changes, last month’s leader – Trojan DNSChanger.ech – remains at the top of this ranking. Overall, it is more than three times more widespread than the program which comes in second place. This indicates that there is quite a large-scale epidemic caused by DNSChanger which is affecting Western European countries in particular.

There were a total of 16 new entries to the rankings this month, all of which were added to our antivirus databases in August 2008. Prominent among the newcomers is a group of six Trojan-Downloaders that have occupied 3rd to 8th place. By preventing these Trojan-Downloaders from fulfilling their primary task of downloading the main body of a malicious program, our antivirus products have also blocked mass downloads of other malicious programs to users’ computers.

A number of Adware programs in the form of BHO (Browser Helper Object) also stand out. The large number of these programs is due to the fact that Internet Explorer – the browser such programs are designed to function on – is extremely popular.

Last month’s statistics contained four classes of malicious and potentially unwanted programs (TrojWare, AdWare, VirWare and other MalWare). In August only TrojWare and AdWare remained.

 

A total of 28940 different malicious and potentially unwanted programs were detected on users’ computers in August. That is an increase of more than 8000 on July’s figures and points to a significant increase in the number of in-the-wild threats.

The second table provides data about the most common malicious programs among all infected objects detected. The majority of the programs listed below have file-infection capabilities. The figures given are interesting as they indicate the spread of threats which need to be disinfected, rather than simply dealt with by deleting infected objects.

Position Change in position Name
1 3 Net-Worm.Win32.Nimda
2 8 Virus.Win32.Xorer.du
3 3 Virus.Win32.Parite.b
4 5 Virus.Win32.Virut.n
5 9 Virus.Win32.Parite.a
6 2 Virus.Win32.Alman.b
7 New Trojan.Win32.DNSChanger.ech
8 New Email-Worm.Win32.Runouce.b
9 4 Worm.Win32.Fujack.k
10 9 Worm.VBS.Headtail.a
11 4 Trojan-Downloader.WMA.GetCodec.d
12 New Virus.Win32.Downloader.ax
13 New Trojan-Clicker.HTML.IFrame.js
14 -13 Virus.Win32.Virut.q
15 New Virus.Win32.Small.l
16 -12 Virus.Win32.Hidrag.a
17 -5 Worm.Win32.Otwycal.g
18 New Virus.Win32.Virut.b
19 -14 Virus.Win32.Neshta.a
20 New Virus.Win32.Tenga.a

The changes in this list are less dramatic – only 7 new entries. However, there was some significant movement, with last month’s leader – Virut.q – falling 13 places and Fujack.ap dropping out of the rankings altogether after a second place finish last month.

The surprise leader turned out to be a worm that dates back to 2001. You could have been forgiven for thinking that such a worm would have disappeared from the Internet long ago, but the facts suggest otherwise: Nimda is still active and it’s likely that it’s still present in files that were infected during the epidemics of 2001-2002.

The appearance of Trojan.Win32.DNSChanger.ech in the second table also deserves a mention. This shows that it is constantly modifying itself and can exist in various guises on different computers.

Monthly Malware Statistics for August 2008

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Subscribe to our weekly e-mails

The hottest research right in your inbox