The format of the ‘Virus Top Twenty’ reports from Kaspersky Lab has changed as of July 2008. The previous method used to compile these reports and to assess the current threat landscape was based on data generated by analysing email traffic and the files checked using our Online Scanner. However, this method no longer provides an accurate reflection of the changing nature of malicious threats; email is no longer the main attack vector, and our data shows that malicious programs make up a very small proportion of all mail traffic.
From July 2008 onwards, the Top Twenty will be composed using data generated by Kaspersky Security Network (KSN), a new technology implemented in the 2009 personal product line. This data not only makes it possible for Kaspersky Lab to get timely information about threats and to track their evolution, but also makes it possible for us to detect unknown threats, and roll out that protection to users, as quickly as possible.
The 2009 personal products haven’t been officially launched in all countries, e.g. in Russian and the USA. The data presented in this report therefore provides an objective reflection of the threat landscape in the majority of European and Asian countries. However, in the near future, such reports will include data provided by users in other countries of the world.
The data received from KSN in July 2008 has been used to compile the following rankings.
The first is a ranking of the most widespread malicious, advertising, and potentially unwanted programs. The figures given are a percentage of the number of computers on which threats were detected.
Position | Name |
1 | Trojan.Win32.DNSChanger.ech |
2 | Trojan-Downloader.WMA.Wimad.n |
3 | Trojan.Win32.Monderb.gen |
4 | Trojan.Win32.Monder.gen |
5 | not-a-virus:AdWare.Win32.HotBar.ck |
6 | Trojan.Win32.Monderc.gen |
7 | not-a-virus:AdWare.Win32.Shopper.v |
8 | not-a-virus:AdTool.Win32.MyWebSearch.bm |
9 | Trojan.Win32.Agent.abt |
10 | Worm.VBS.Autorun.r |
11 | Trojan.Win32.Agent.rzw |
12 | Trojan-Downloader.Win32.CWS.fc |
13 | not-a-virus:AdWare.Win32.Mostofate.cx |
14 | Trojan-Downloader.JS.Agent.bi |
15 | Trojan-Downloader.Win32.Agent.xvu |
16 | not-a-virus:AdWare.Win32.BHO.ca |
17 | Trojan.Win32.Agent.sav |
18 | Trojan-Downloader.Win32.Obitel.a |
19 | Trojan.Win32.Chifrax.a |
20 | Trojan.Win32.Agent.tfc |
As the rating is only compiled using data received during the course of a single month, it’s very hard to make any predictions. However, future reports will include such forecasts.
Nonetheless, it is possible to divide all the malicious and potentially unwanted programs shown above into the fundamental classes used by Kaspersky Lab in its classification: TrojWare, VirWare, AdWare and Other MalWare.
Clearly, most of the time, victim machines are attacked by a wide range of Trojan programs.
Overall, in July 2008, there were 20704 unique malicious, advertising, and potentially unwanted programs detected on users’ computers. Our data indicates that out of these, approximately 20000 of them were found in the wild. The second Top Twenty provides figures on the most common malicious programs among all infected objects detected.
Position | Name |
1 | Trojan.Win32.DNSChanger.ech |
1 | Virus.Win32.Virut.q |
2 | Worm.Win32.Fujack.ap |
3 | Net-Worm.Win32.Nimda |
4 | Virus.Win32.Hidrag.a |
5 | Virus.Win32.Neshta.a |
6 | Virus.Win32.Parite.b |
7 | Virus.Win32.Sality.z |
8 | Virus.Win32.Alman.b |
9 | Virus.Win32.Virut.n |
10 | Virus.Win32.Xorer.du |
11 | Worm.Win32.Fujack.aa |
12 | Worm.Win32.Otwycal.g |
13 | Worm.Win32.Fujack.k |
14 | Virus.Win32.Parite.a |
15 | Trojan-Downloader.WMA.GetCodec.d |
16 | Virus.Win32.Sality.l |
17 | Virus.Win32.Sality.s |
18 | Worm.Win32.Viking.ce |
19 | Worm.VBS.Headtail.a |
20 | Net-Worm.Win32.Allaple.b |
The majority of the programs listed above are able to infect files. The figures given are interesting as they indicate the spread of threats which need to be disinfected, rather than simply dealt with by deleting infected objects.
GetCodec.d, a program we talked about recently, is among the malicious programs in the rankings. We recently issued an announcement (http://www.kaspersky.co.uk/news?id=207575664) about this worm, which infects audio files; its presence in the Top Twenty indicates that it is spreading actively.
Details of change in position, and the proportion of all malicious, advertising, and potentially unwanted programs, as shown in previous reports, will be provided from August onwards.
Monthly Malware Statistics for July 2008