Malware Miscellany, October 2007

In spite of the change of seasons, October’s malware miscellany is in some ways remarkably similar to September’s, with a number of familiar programs once again making an appearance. Let’s take a closer look at the details:

1. Greediest Trojan targeting banks: This month’s leader is a modification of Trojan-Spy.Win32.Banker.ezn, which targets 45 banks. This seems positively modest in comparison to last month’s leader, which set its sights on 134 banks simultaneously.
2. Greediest Trojan targeting payment systems: Backdoor.Win32.Xhaker.c is very equitable in its approach – it attacks three e-payment systems and three plastic card systems.
3. Greediest Trojan targeting plastic cards: See above.
4. Stealthiest malicious program: The number 10 seems to be in favour at the moment – this month’s winner, Backdoor.Win32.Hupigon.mrv, is packed with ten different packers, just as last month’s leader was.
5. Smallest malicious program: In spite of its tiny 17 bytes, Trojan.BAT.DeltreeY.a packs a punch and wins the October nomination.
6. Biggest malicious program: Once again, a hefty representative of the Haradong family wins out – Trojan.Win32.Haradong.ct weighs in at 244MB, slightly larger than its close relative Haradong.bj, last month’s winner in this category.
7. Most malicious program: Backdoor.Win32.Rbot.ejs, like so many past winners of this category, disables security solutions by deleting them from memory and from the registry.
8. Most common malicious program in mail traffic: Email-Worm.Win32.Netsky.q retains its persistent presence in this category for the third month running, and made up 20.11% of all malicious programs in mail traffic in October.
9. Most common Trojan family: In spite of an impressive 563 modifications, Trojan-Spy.Win32.Banker‘s numbers are following last month’s trend, with figures just over 100 down on September’s.
10. Most common virus/ worm family: Email-Worm.Win32.Zhelatin (a.k.a the Storm worm) continues to reign in this category for the second month running, with 38 modifications in October.