Malware Miscellany, march 2007

It’s that time of the month again – when a young man’s mind turns to browsing virus collections.

1. Greediest Trojan Targeting Banks – Trojan-PSW.Win32.Agent.km takes this title this month. Not only does this Trojan wage war against 42 banks at once, it also attempts to intercept TAN-codes, which once again proves that this kind of protective measure does not present much of an obstacle for cyber criminals. The Trojan’s victims include many leaders in the global banking sector.
2. Greediest Trojan Targeting E-payment Systems – this title goes to one of the modifications of Trojan-Spy.Win32.Banker.clu, which is programmed to gain access into three different electronic money systems.
3. Greediest Trojan Targeting Plastic Cards – the title goes to Trojan-Spy.Win32.Banker.ciy. Last month, the malicious program that took this title was programmed to access three plastic card systems at once. Banker.ciy wins because it targets 5 systems instead of 3.
4. Stealthiest Program – this month Backdoor.Win32.Hupigon.elw takes the title – it is seven times with different .exe file packers.
5. Smallest Malicious Program – is the 51 byte Hoax.Bat.AlotWindows.a, which plays a mean joke on Internet users. When this program is launched, it begins to open a series of windows on the user’s computer with the text “DDoS DOS!” In reality, opening windows is all Windows.a is capable of.
6. Biggest Malicious Program – Trojan.Win32.Haradong.ao weighs in at a hefty 182 MB (!). This file is spread under the guise of a video file, with the extension “avi.scr.” It’s very large size is attributed solely to that fact.
7. Most Malicious Program – Backdoor.Win32.Rbot.aeu blocks security solutions using a variety of methods.
8. Most Common Malicious Program in Email Traffic – Email-Worm.Win32.NetSky.q, which has been around for years, but still managed to account for 14% of all malicious email traffic in March, which just goes to show that the older malware is still going strong.
9. Most Common Trojan Family – once again it is the Chinese Backdoor.Win32.Hupigon family, with a mere 326 modifications instead of the 368 we saw last month.
10. Most common virus worm family – goes to the well known Warezov worm again; with 44 new modifications detected this month.

Even after two miscellanies it is possible to draw some preliminary conclusions: malware that is used to make money is growing visibly and malware writers follow trends, with the popular malware showing up in the ratings consistently.