Malware Miscellany, June 2007

The middle of the month means it’s time for our miscellany, so let’s take a look at what the first month of summer brought us.

1. Greediest Trojan targeting banks – this month the award goes to Trojan-Spy.Win32.Small.cz, which targeted 84 financial organizations. That’s just slightly less than last month’s 87.
2. Greediest Trojan targeting payment systems – this title goes to Backdoor.Win32.VB.bck this month after it tracked the users of three different e-currency systems.
3. Greediest Trojan targeting payment cards – Trojan-PSW.Win32.VB.kq, which took the same title in May, is really getting into its gluttonous stride. A new variant was detected in June which already targeting five different card systems, up from four last month.
4. Stealthiest malicious program – in June this title went to Backdoor.Win32.Amutius.143, packed eight times using a range of packers.
5. Smallest malicious program – this month we have the tiny 14-byte Trojan.BAT.DelTree.d. This puny program still packs a punch by deleting all directories from the disk.
6. Largest malicious program – Trojan-Spy.Win32Banbra.ha weighed in as the month’s largest malicious program at nearly 30MB (almost nothing compared to last month’s whopper).
7. Most malicious program – the leader in this category this month is Trojan.Win32.AddUser.k, which deletes antivirus solutions and services from the disk, from RAM, and all related registry keys.
8. Most common malicious program in email traffic – the prize for this category goes to Email-Worm.Win32.NetSky.q, which accounted for over 16% of all malicious email traffic.
9. Most common Trojan family – Trojan-Downloader.Win32.Agent is well ahead in this category, with 501 new variants detected in June.
10. Most common virus/ worm family – Zhelatin put in some effort this month, with a total of 49 modifications being intercepted in June.

With so many Trojan variants, virus writers are showing no signs of taking off for the beach. Which means, of course, that we won’t either. Drop by the blog this time next month for an update.