Malware reports

Online Scanner Top Twenty for January 2007

Position Change in position Name Percentage
1. New!
New!
Trojan.Win32.Diamin.fc 3,15
2. New!
New!
Trojan-Downloader.Win32.Small.edb 2,45
3. Up
+2
Email-Worm.Win32.Rays 1,64
4. Up
+9
Trojan-Downloader.Win32.Small.dam 1,61
5. New!
New!
Trojan.Win32.Diamin.bl 1,38
6. New!
New!
Trojan.Win32.Dialer.la 1,37
7. New!
New!
Trojan-Clicker.Win32.Agent.ir 1,35
8. Return
Return
not-a-virus:Monitor.Win32.Perflogger.163 1,30
9. No Change Email-Worm.Win32.Brontok.q 1,24
10. New!
New!
Backdoor.Win32.Bifrose.acs 1,23
11. Up
+8
not-a-virus:PSWTool.Win32.RAS.a 1,16
12. New!
New!
Trojan.Win32.Diamin.am 1,15
13. Down
-12
Trojan.Win32.Dialer.cj 0,99
14. New!
New!
EICAR-Test-File 0,86
15. Up
+3
Trojan-Downloader.Win32.INService.gen 0,83
16. Down
-5
Email-Worm.Win32.Bagle.gt 0,82
17. New!
New!
not-a-virus:Monitor.Win32.Perflogger.ad 0,79
18. New!
New!
not-a-virus:Monitor.Win32.Perflogger.bx 0,77
19. Return
Return
not-a-virus:AdWare.Win32.Softomate.u 0,76
20. New!
New!
Trojan-Spy.Win32.Bancos.zm 0,74
Other malicious programs 74,41

Several months ago we highlighted the unexpected appearance of a large number of Trojan dialer programs in our statistics. Very soon they had not only squeezed out the Trojan-Spy and Trojan-Downloader programs, but had also managed to climb to the top of the table. Whereas in December the leader was Dialer.cj, the January Online Top Twenty includes several representatives of the Diamin family, with Diamin.fc leading the rankings. This Trojan family has been around for a while; it appears to have been created in Italy and these programs are quite widespread in the European segment of the Internet.

The total number of dialers in the Top Twenty is five. This confirms that programs from this class are currently undergoing a rapid evolution.

Nevertheless, Trojan-Downloader programs, the most widespread class of Trojans, remain among the leaders: representatives of this class are in second and fourth place in our January rankings. This is not surprising, as these are versatile applications which allow cybercriminals to install other malicious programs on infected computers.

Trojan spies are also holding their own. This month, keyloggers occupy several positions in our table: Perflogger (3 variants) and RAS. From a virus analyst’s viewpoint, these programs cannot be classified as pure Trojans, but they do have a spy function and we are therefore obliged to include them in our reports.

As for worms, there have been no significant changes: Rays and Brontok have, as is traditional, made it into the charts, accompanied by the Virus Top Twenty leader, Bagle.gt. This latter worm, however, managed to reach the sixteenth place in the online rankings, dropping five positions since December.

As for programs with true spy functionality, only the Brazilian program Bancos.zm made it into the Top Twenty. This Trojan-Spy targets the data of users who have accounts at Banco Nossa Caixa S.A and poses very little threat to Internet users in Europe, America and Asia.

Summary:

  • New:
    Trojan.Win32.Diamin.fc, Trojan-Downloader.Win32.Small.edb, Trojan.Win32.Diamin.bl, Trojan.Win32.Dialer.la, Trojan-Clicker.Win32.Agent.ir, Backdoor.Win32.Bifrose.acs, Trojan.Win32.Diamin.am, EICAR-Test-File, not-a-virus:Monitor.Win32.Perflogger.ad, not-a-virus: Monitor.Win32.Perflogger.bx, Trojan-Spy.Win32.Bancos.zm
  • Moved up: Email-Worm.Win32.Rays, Trojan-Downloader.Win32.Small.dam, not-a-virus:PSWTool.Win32.RAS.a, Trojan-Downloader.Win32.INService.gen,
  • Moved down: Trojan.Win32.Dialer.cj, Email-Worm.Win32.Bagle.gt
  • Re-entry: not-a-virus:Monitor.Win32.Perflogger.163, not-a-virus:AdWare.Win32.Softomate.u

Online Scanner Top Twenty for January 2007

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox