Malware Miscellany, February 2007

I was considering our collection the other day, and the analysis we’ve recently been publishing on this site. And I thought that some slightly different statistics might be interesting to help round out the picture. So I did a little digging, and here’s my first malware miscellany – a collection of facts in a range of semi-random categories.

1. Greediest Trojan Targeting Banks – this month, it’s Trojan-Spy.Win32.Banker.zd, which targets the clients of 33 banks. And just as we keep saying, the number of Trojans which target more than one bank is growing all the time.

2. Greediest Trojan Targeting E-payment Systems – The winner in this category is Trojan-Spy.Win32.Banker.z. This Trojan targets three plastic card systems, but also steals finance-related data from the customers of many banks. Apparently, its author prefers a comprehensive approach to making money.

3. Greediest Trojan Targeting Plastic Cards – The top malicious program in this category is Backdoor.Win32.Neodurk.13, which searches for access data for three plastic card systems, in addition to providing cybercriminals with remote control of victim computers, which is its main function.

4. Stealthiest Program – This category’s winner is a modification of Backdoor.Win32.Rbot.gen, which is packed by eight different compression utilities in the hope that this will prevent antivirus programs from detecting the malicious code.

5. Smallest Malicious Program – This category of malware was won by, which is just 19 bytes in size. This is a primitive Trojan, which (as its name suggests) deletes folders on infected computers. Its targets include the Windows system directory; of course, if this gets deleted, you may end up with some serious problems.

6. Biggest Malicious Program – February’s “giant” is Trojan-Spy.Win32.Bancos.rv. It is 13 MB in size, and is a bit of an oddity – you might expect extensive functionality, which this Trojan doesn’t actually have.

7. Most Malicious Program – The winner from this category uses numerous methods to effectively combat antivirus protection installed on computers. February’s leader is Backdoor.Win32.Aebot.e, which uses a variety of methods to disable protection, including terminating processes in memory, stopping services and blocking updates. The malicious program terminates protection utilities by the dozen, including all kinds of firewalls, system monitoring utilities, antivirus products, etc.

8. Most Common Malicious Program in Email Traffic – In February 2007, the winner was Email-Worm.Win32.NetSky.t. Although this is a relatively old email worm, it still accounts for about 15% of all email traffic.

9. Most Common Trojan Family – We talk a lot about how the number of Trojans is on the increase. And Backdoor.Win32.Hupigon is a great example – in a single month we detected 368 modifications of this family.

10. Most Common Virus/Worm Family – In February, the Warezov family was the most widespread among all virus and worm families. Samples of 118 different modifications were found in February alone.

I’ll be back with another malware miscellany fairly soon. If there’s any particular category that you’re interested in seeing included, do let me know.
