Online Scanner Top Twenty for April 2008

| Position | Change in position | Name | Percentage |
|---|---|---|---|
| 1 | Up +4 | Email-Worm.Win32.Brontok.q | 1.71 |
| 2 | Down -1 | not-a-virus:AdWare.Win32.Virtumonde.gen | 1.58 |
| 3 | Up +1 | not-a-virus:PSWTool.Win32.RAS.a | 1.45 |
| 4 | Up +2 | Virus.Win32.Virut.n | 1.00 |
| 5 | Return | Virus.Win32.Virut.q | 0.86 |
| 6 | Up +7 | not-a-virus:Monitor.Win32.Ardamax.ae | 0.75 |
| 7 | Down -4 | Trojan.Win32.Dialer.yz | 0.69 |
| 8 | New! | Virus.Win32.Alman.b | 0.64 |
| 9 | New! | not-a-virus:AdWare.Win32.Agent.zk | 0.60 |
| 10 | New! | Backdoor.Win32.Hupigon.vnd | 0.59 |
| 11 | New! | Trojan-PSW.Win32.OnLineGames.isb | 0.59 |
| 12 | Down -1 | Email-Worm.Win32.Rays | 0.58 |
| 13 | Down -3 | Trojan.Win32.Delf.aam | 0.53 |
| 14 | Down 0 | Virus.Win32.Parite.b | 0.49 |
| 15 | New! | Worm.Win32.Mabezat.b | 0.49 |
| 16 | Down -14 | Email-Worm.Win32.Bagle.of | 0.48 |
| 17 | Return | not-a-virus:Monitor.Win32.Perflogger.ad | 0.45 |
| 18 | Return | not-a-virus:Monitor.Win32.Perflogger.ca | 0.44 |
| 19 | Up +1 | Trojan-Spy.Win32.Ardamax.n | 0.41 |
| 20 | New! | not-a-virus:RiskTool.Win32.HideWindows | 0.40 |
| | | Other Malicious Programs | 85.27 |

At last, there’s been a change in the three malicious programs leading our Online Top Twenty. After two months in first place, the adware program Virtumonde has slipped to second, while the other two programs which kept it company at the top in February and March fell further down the rankings.

April’s surprise was the veteran worm Brontok.q – after a third place finish at the end of 2007 and after hovering around sixth place for most of 2008, the worm shot to the top of the rankings. It took advantage of the previous leader experiencing a significant drop from 4.32% in March to 1.58% in April. This suggests that Virtumonde’s authors have eased off the rate at which they are circulating their malicious creation.

The classic file virus, Virut.n, increased its share for the second month in a row: it now ranks just below the top three. The rise of two places in April follows a jump of ten places in March. The authors of Virut.n are obviously continuing to develop this malicious program and it’s not difficult to see why. Virus.Win32.Virut.n is not simply a file infector created by a virus writer for amusement – it’s primarily a bot for creating zombie networks. The latter are, of course, becoming increasingly popular and profitable in the world of cybercrime. Incidentally, the only other version of the Virut virus in the Top Twenty – Virut.q – is keeping its namesake company just below in fifth place. It will be interesting to see if one of those two can claim top spot in the coming months.

Among the newcomers to the rankings, two programs stand out: the Chinese backdoor program Hupigon.vnd and Trojan-PSW.Win32.OnLineGames.isb, which is designed to steal accounts for a range of popular online games such as World of Warcraft and Lineage.

April’s Top Twenty shows the continued dominance of malicious programs which are primarily designed to steal a wide range of user passwords.

Summary

  • New: Virus.Win32.Alman.b, not-a-virus:AdWare.Win32.Agent.zk, Backdoor.Win32.Hupigon.vnd, Trojan-PSW.Win32.OnLineGames.isb, Worm.Win32.Mabezat.b, not-a-virus:RiskTool.Win32.HideWindows.
  • Went up: Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a, Virus.Win32.Virut.n, not-a-virus:Monitor.Win32.Ardamax.ae, Trojan-Spy.Win32.Ardamax.n.
  • Went down: not-a-virus:AdWare.Win32.Virtumonde.gen, Trojan.Win32.Dialer.yz, Email-Worm.Win32.Rays, Trojan.Win32.Delf.aam, Email-Worm.Win32.Bagle.of.
  • Re-entry: Virus.Win32.Virut.q, not-a-virus:Monitor.Win32.Perflogger.ad, not-a-virus:Monitor.Win32.Perflogger.ca.
  • No change: Virus.Win32.Parite.b.
