Virus writers didn’t take any time off over the public holidays, and the results of their labour have made their way into our May miscellany.
- Greediest Trojan targeting banks – in May, this title went to Trojan-Spy.Win32.Banker.aqu, a modification that targets 87 banks simultaneously.
- Greediest Trojan targeting e-payment systems – this month’s glutton is Trojan-PSW.Win32.VB.kq, which targets four e-payment systems.
- Greediest Trojan targeting payment cards – Trojan-PSW.Win32.VB.kq wins the prize in this category; it targets four payment card systems, and interestingly also targets e-payment systems (see the above category).
- Stealthiest malicious program – once again, it’s a Hupigon variant winning out in this category. Backdoor.Win32.Hupigon.rc is packed ten times with a whole range of packers. Nevertheless, this didn’t save the backdoor from detection.
- Smallest malicious program – this prize goes to a tiny little program weighing in at a mere 9 bytes. Despite its very compact size, Trojan.DOS.DiskEraser.b is smart enough to delete data from disk.
- Biggest malicious program – Trojan.Win32.KillFiles.ki was the most space-hungry malicious program in May. This file-deleting Trojan weighs in at a whopping 247MB. Interestingly enough, both May’s smallest and largest programs have the same malicious payload – but the difference in size is remarkable.
- Most malicious program – the leader in this category in May is Backdoor.Win32.Agobot.afy, which deletes antivirus programs using a variety of methods.
- Most common malicious program in email traffic – this title went to Email-Worm.Win32.Netsky.t this May. Despite being an old-timer, this worm is still causing major damage, accounting for over 15% of all malicious email traffic in May 2007.
- Most common Trojan family – the winner of this category this month is the Backdoor.Win32.Rbot family, with 454 modifications in the course of just one month.
- Most common virus/worm family – the Warezov family once again took this title this month. A total of 78 different variants of the Warezov family were detected in May, up from 72 in April.
The summer holidays are coming up, and although it’s unlikely we’ll see worm epidemics on the scale of those in 2004/5, we’ll still have plenty of work to do. See you in June for the next issue of our Miscellany!
Malware Miscellany, May 2007