Malware reports

Monthly Malware Statistics for July 2008

Table of Contents

The format of the ‘Virus Top Twenty’ reports from Kaspersky Lab has changed as of July 2008. The previous method used to compile these reports and to assess the current threat landscape was based on data generated by analysing email traffic and the files checked using our Online Scanner. However, this method no longer provides an accurate reflection of the changing nature of malicious threats; email is no longer the main attack vector, and our data shows that malicious programs make up a very small proportion of all mail traffic.

From July 2008 onwards, the Top Twenty will be composed using data generated by Kaspersky Security Network (KSN), a new technology implemented in the 2009 personal product line. This data not only makes it possible for Kaspersky Lab to get timely information about threats and to track their evolution, but also makes it possible for us to detect unknown threats, and roll out that protection to users, as quickly as possible.

The 2009 personal products haven’t been officially launched in all countries, e.g. in Russian and the USA. The data presented in this report therefore provides an objective reflection of the threat landscape in the majority of European and Asian countries. However, in the near future, such reports will include data provided by users in other countries of the world.

The data received from KSN in July 2008 has been used to compile the following rankings.

The first is a ranking of the most widespread malicious, advertising, and potentially unwanted programs. The figures given are a percentage of the number of computers on which threats were detected.

Position Name
1   Trojan.Win32.DNSChanger.ech  
2   Trojan-Downloader.WMA.Wimad.n  
3   Trojan.Win32.Monderb.gen  
4   Trojan.Win32.Monder.gen  
5   not-a-virus:AdWare.Win32.HotBar.ck  
6   Trojan.Win32.Monderc.gen  
7   not-a-virus:AdWare.Win32.Shopper.v  
8   not-a-virus:AdTool.Win32.MyWebSearch.bm  
9   Trojan.Win32.Agent.abt  
10   Worm.VBS.Autorun.r  
11   Trojan.Win32.Agent.rzw  
12   Trojan-Downloader.Win32.CWS.fc  
13   not-a-virus:AdWare.Win32.Mostofate.cx  
14   Trojan-Downloader.JS.Agent.bi  
15   Trojan-Downloader.Win32.Agent.xvu  
16   not-a-virus:AdWare.Win32.BHO.ca  
17   Trojan.Win32.Agent.sav  
18   Trojan-Downloader.Win32.Obitel.a  
19   Trojan.Win32.Chifrax.a  
20   Trojan.Win32.Agent.tfc  

As the rating is only compiled using data received during the course of a single month, it’s very hard to make any predictions. However, future reports will include such forecasts.

Nonetheless, it is possible to divide all the malicious and potentially unwanted programs shown above into the fundamental classes used by Kaspersky Lab in its classification: TrojWare, VirWare, AdWare and Other MalWare.

Clearly, most of the time, victim machines are attacked by a wide range of Trojan programs.

Overall, in July 2008, there were 20704 unique malicious, advertising, and potentially unwanted programs detected on users’ computers. Our data indicates that out of these, approximately 20000 of them were found in the wild. The second Top Twenty provides figures on the most common malicious programs among all infected objects detected.

Position Name
1   Trojan.Win32.DNSChanger.ech  
1   Virus.Win32.Virut.q  
2   Worm.Win32.Fujack.ap  
3   Net-Worm.Win32.Nimda  
4   Virus.Win32.Hidrag.a  
5   Virus.Win32.Neshta.a  
6   Virus.Win32.Parite.b  
7   Virus.Win32.Sality.z  
8   Virus.Win32.Alman.b  
9   Virus.Win32.Virut.n  
10   Virus.Win32.Xorer.du  
11   Worm.Win32.Fujack.aa  
12   Worm.Win32.Otwycal.g  
13   Worm.Win32.Fujack.k  
14   Virus.Win32.Parite.a  
15   Trojan-Downloader.WMA.GetCodec.d  
16   Virus.Win32.Sality.l  
17   Virus.Win32.Sality.s  
18   Worm.Win32.Viking.ce  
19   Worm.VBS.Headtail.a  
20   Net-Worm.Win32.Allaple.b  

The majority of the programs listed above are able to infect files. The figures given are interesting as they indicate the spread of threats which need to be disinfected, rather than simply dealt with by deleting infected objects.

GetCodec.d, a program we talked about recently, is among the malicious programs in the rankings. We recently issued an announcement (http://www.kaspersky.co.uk/news?id=207575664) about this worm, which infects audio files; its presence in the Top Twenty indicates that it is spreading actively.

Details of change in position, and the proportion of all malicious, advertising, and potentially unwanted programs, as shown in previous reports, will be provided from August onwards.

Monthly Malware Statistics for July 2008

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox