I was considering our collection the other day, and the analysis we’ve recently been publishing on this site. And I thought that some slightly different statistics might be interesting to help round out the picture. So I did a little digging, and here’s my first malware miscellany – a collection of facts in a range of semi-random categories.
1. Greediest Trojan Targeting Banks – this month, it’s Trojan- Spy.Win32.Banker.zd, which targets the clients of 33 banks. And just as we keep saying, the number of Trojans which target more than one bank is growing all the time.
2. Greediest Trojan Targeting E-payment Systems – The winner in this category is Trojan-Spy.Win32.Banker.z. This Trojan targets three plastic card systems, but also steals finance-related data from the customers of many banks. Apparently, its author prefers a comprehensive approach to making money.
3. Greediest Trojan Targeting Plastic Cards – The top malicious program in this category is Backdoor.Win32.Neodurk.13, which searches for access data for three plastic card systems, in addition to providing cybercriminals with remote control of victim computers, which is its main function.
4. Stealthiest Program – This category’s winner is a modification of Backdoor.Win32.Rbot.gen, which is packed by eight different compression utilities in the hope that this will prevent antivirus programs from detecting the malicious code.
5. Smallest Malicious Program – This category of malware was won by Trojan.BAT.DeltreeY.af, which is just 19 bytes in size. This is a primitive Trojan, which (as its name suggests) deletes folders on infected computers. Its targets include the Windows system directory; of course, if this gets deleted, you may end up with some serious problems.
6. Biggest Malicious Program – February’s “giant” is Trojan-Spy.Win32.Bancos.rv. It is 13 MB in size, and is a bit of an oddity – you might expect extensive functionality, which this Trojan doesn’t actually have.
7. Most Malicious Program – The winner from this category uses numerous methods to effectively combat antivirus protection installed on computers. February’s leader is Backdoor.Win32.Aebot.e, which uses a variety of methods to disable protection, including terminating processes in memory, stopping services and blocking updates. The malicious program terminates protection utilities by the dozen, including all kinds of firewalls, system monitoring utilities, antivirus products, etc.
8. Most Common Malicious Program in Email Traffic – In February 2007, the winner was Email-Worm.Win32.NetSky.t. Although this is a relatively old email worm, it still accounts for about 15% of all email traffic.
9. Most Common Trojan Family – We talk a lot about how the number of Trojans is on the increase. And Backdoor.Win32.Hupigon is a great example – in a single month we detected 368 modifications of this family.
10. Most common virus worm family – In February, the Warezov family was the most widespread among all virus and worm families. Samples of 118 different modifications were found in February alone.
I’ll be back with another malware miscellany fairly soon. If there’s any particular category that you’re interested in seeing included, do let me know.
Malware Miscellany, february 2007