Authors
| Position | Change in position | Name | Percentage |
| 1. |  +8 |
Packed.Win32.PolyCrypt.b | 2.05 |
| 2. | +1 |
Trojan.Win32.Dialer.qn | 1.65 |
| 3. | +3 |
Trojan-Downloader.Win32.LoadAdv.gen | 1.42 |
| 4. |  Return |
Email-Worm.Win32.Brontok.q | 1.11 |
| 5. |  -3 |
Backdoor.Win32.IRCBot.acd | 0.96 |
| 6. | -2 |
Trojan-Downloader.Win32.Small.eqn | 0.95 |
| 7. | Return |
Trojan-Spy.Win32.Bancos.aam | 0.94 |
| 8. | Return |
Trojan-Downloader.Win32.Small.ddp | 0.90 |
| 9. | +8 |
not-a-virus:PSWTool.Win32.RAS.a | 0.90 |
| 10. | +10 |
Email-Worm.Win32.Rays | 0.84 |
| 11. |  0 |
not-a-virus:AdWare.Win32.Virtumonde.jp | 0.81 |
| 12. |  New! |
not-a-virus:Monitor.Win32.Perflogger.ca | 0.72 |
| 13. | New! |
Backdoor.Win32.Bifrose.aci | 0.57 |
| 14. | New! |
Trojan.Win32.Agent.asu | 0.55 |
| 15. | Return |
Trojan-Spy.Win32.Delf.uv | 0.53 |
| 16. | New! |
Trojan-Spy.Win32.Ardamax.e | 0.53 |
| 17. | Return |
IM-Worm.Win32.Sohanad.t | 0.52 |
| 18. | Return |
not-a-virus:Monitor.Win32.Perflogger.ad | 0.52 |
| 19. | -7 |
Virus.VBS.Small.a | 0.51 |
| 20. | Return |
Trojan.Win32.Obfuscated.en | 0.50 |
| Other malicious programs | 82.52% | ||
It seemed as though we had almost completely got rid of the Rays and Brontok worms. In June, Rays did not make the Top Twenty, but it was back again hanging onto twentieth place in July. Brontok’s position dropped over the same period by seven places each month, and the worm didn’t even make the Top Twenty in July. The two both made a comeback in August, however. Brontok returned with a bang in fourth place, and Rays climbed ten positions, making it into the Top Ten.
In general, the changes in online statistics are much less than significant than they have been over the past few months. Only 4 new malicious and potentially unwanted programs have emerged. The percentages of all of the programs that made the top twenty are extremely small – Packed.Win32.PolyCrypt.b, the leader in August, garnered just 2%. This is striking compared to Dialer.cj’s chart-topping 9% in July (which nevertheless did not prevent it from disappearing without a trace in August).
Malicious programs such as Bancos.aam and Trojan-Downloader.Win32.Small.ddp also managed to make a comeback in August. The former covers several hundred spyware programs which target both user bank accounts and the clients used to access certain stock exchange trading systems. What distinguishes Bancos.aam is its special ‘interface’: the Trojan can be used as a botnet component, making it possible for a malicious user to send individual instructions to each infected machine about which payment system accounts to target. Small.ddp is also designed to install several malicious botnet components on infected systems.
Overall, there are more Trojan Spies in the Top Twenty this month than there were in June or July. Newcomers include Trojan-Spy.Win32. Ardamax.e, a keylogger, and Perflogger.ca, which has similar functionality but is a legitimate program. In addition to Perflogger.ca, Perflogger.ad, another potentially unwanted program also made the Top Twenty this month (18th place).
The leader in June, a piece of adware called Virtumonde.jp, was able to stop its decline after a ten-position plummet in July, and placed 11th in August. Expect to see more of this program, since its main carrier, Trojan-Downloader.Win32.LoadAdv.gen, has once again been ranked in the top three most common malicious programs, up from sixth place. This means more new variants of Virtumonde can be expected in the future.
- New: not-a-virus:Monitor.Win32.Perflogger.ca, Backdoor.Win32.Bifrose.aci, Trojan.Win32.Agent.asu, Trojan-Spy.Win32.Ardamax.e
- Moved up: Packed.Win32.PolyCrypt.b, Trojan.Win32.Dialer.qn, not-a-virus:PSWTool.Win32.RAS.a, Email-Worm.Win32.Rays.
- Moved down: Backdoor.Win32.IRCBot.acd, Trojan-Downloader.Win32.Small.eqn, Virus.VBS.Small.a
- Re-entry: Email-Worm.Win32.Brontok.q, Trojan-Spy.Win32.Bancos.aam, Trojan-Spy.Win32.Delf.uv, IM-Worm.Win32.Sohanad.t, not-a-virus:Monitor.Win32.Perflogger.ad, Trojan.Win32.Obfuscated.en
Authors
From the same authors
In the same category
Online Scanner Top Twenty for August 2007