Online Scanner Top Twenty for December 2007

 

A look at the December statistics makes it possible for us to draw some preliminary conclusions about the malware landscape in 2007. The situation is still not entirely clear. However, we can say with certainty that first place in our online scanner ratings this year was occupied, more often than not, by Trojan dialer programs. December was no exception.

Trojan.Win32.Dialer.yz took first place in the December rankings, replacing November’s Dialer.qn. Since it was detected on 11th December 2007, this modification has spread widely and actively. Our virus lab has already detected more than 600 variants of this program.

The epidemic of Virut viruses continues. Virut.av retained second place, Virut.q went up five places, and Virut.p joined the throng, making it into fifteenth place. In terms of numbers, programs from the Virut family overtake all other malicious programs in the December Online Top Twenty.

Adware in the form of Browser Helper Objects (BHO) is continuing to evolve. BHO.cc has claimed a place in the rankings for several months in a row now. The program was detected at the beginning of July and spreads together with BitAccelerator. In October this program managed to reach fourth place, dropping down to eleventh place in December. BHO.ic comes hot on its heels in thirteenth place. Incidentally, using Browser Helper Objects isn’t purely the prerogative of adware. Fifth place is occupied by Trojan.Win32.BHO.abo, which looks as though it will be in our rankings for some time to come.

Perflogger, a keylogging program, is in a similar position to Adware.BHO. Two variants of this program re-entered the rankings (in ninth and sixteenth place) with a new variant, Perflogger.cb, joining them by taking twentieth place.

Add the Trojan-Spy program Ardamax.n into the mix, and that gives us four programs (out of the twenty in the rankings) which log keystrokes. Even though this method of stealing data is as old as the hills, it’s still a very popular approach among malicious users.

The gaming Trojan OnlineGames.isb has disappeared from the rankings. However, we predict that the number of malicious programs designed to steal online gaming accounts will increase in our statistics. This class of malicious programs is evolving steadily and will be one of the main threats in 2008.

Summary:

  1. New: Trojan.Win32.Dialer.yz, Trojan.Win32.BHO.abo, Trojan.Win32.Inject.mt, Trojan.Win32.VB.atg, Virus.Win32.Virut.p, not-a-virus:AdWare.Win32.Virtumonde.bxd, not-a-virus:Monitor.Win32.Perflogger.cb
  2. Went up: not-a-virus:PSWTool.Win32.RAS.a, Virus.Win32.Virut.q, not-a-virus:AdWare.Win32.BHO.ic, Trojan-Spy.Win32.Ardamax.n
  3. Went down: Trojan.Win32.Dialer.qn, Email-Worm.Win32.Rays, not-a-virus:AdWare.Win32.BHO.cc, Packed.Win32.NSAnti.r, Trojan.Win32.Agent.cro
  4. No change: Virus.Win32.Virut.av, Email-Worm.Win32.Brontok.q
  5. Re-entry: not-a-virus:Monitor.Win32.Perflogger.ca, not-a-virus:Monitor.Win32.Perflogger.ad
