Malware Miscellany, July 2007

As we gradually start the transition to autumn, let’s take a moment to look at the miscellaneous malware we saw at the height of summer 2007.

1. Greediest Trojan targeting banks – Summer is already halfway over. During the midsummer month of July, this category was led by Trojan-Spy.Win32.Banker.alv, which currently has its sights set on 33 banks.
2. Greediest Trojan targeting payment systems – the title this month goes to Trojan-PSW.Win32Steam.f, currently targeting three different e-payment systems at once.
3. Greediest Trojan targeting payment cards – here a Brazilian Trojan, Trojan-Spy.Win32Banbra.df, takes the category, targeting four different payment card systems.
4. Stealthiest malicious program – Trojan-Downloader.Win32.Delf.ain, which is packed 12 times, dominated this category in July.
5. Smallest malicious program – this month we have a tiny 14-byte program (the same size as last month’s winner, incidentally) called Trojan.BAT.Formatcu. Despite its small size, this program is capable of doing a lot of damage by destroying all data on the C: drive.
6. Largest malicious program – the heavyweight champion in July, a modification of Trojan.Win32.KillFiles.mb, takes up a lot of space at 743MB.
7. Most malicious program – the leader this month is Backdoor.Win32.Aebot.e. It deletes antivirus protection from files on disk, from processes running in RAM, and from registry auto run keys.
8. Most common malicious program in email traffic – July’s most common malicious program was Email-Worm.Win32.Warezov.pk, which accounted for nearly 23% of all mail traffic last month.
9. Most common Trojan family – last month’s leader in this category was the Trojan-Spy.Win32.Banload family. A total of 534 variants of this family that had not been previously detected emerged last month.
10. Most common virus/ worm family – The most common worm family in July was the email worm Warezov. 41 modifications of this family were detected in July.