
Online Scanner Top Twenty for January 2008

| Position | Change in position | Name | Percentage |
|---|---|---|---|
| 1 | No change (0) | Trojan.Win32.Dialer.yz | 2.56 |
| 2 | New | Trojan-Clicker.Win32.Small.kj | 1.39 |
| 3 | Down (-1) | Virus.Win32.Virut.av | 1.31 |
| 4 | Up (+3) | Trojan.Win32.Inject.mt | 1.30 |
| 5 | No change (0) | Trojan.Win32.BHO.abo | 1.18 |
| 6 | New | Trojan-Downloader.Win32.Small.hlr | 1.10 |
| 7 | Down (-4) | Email-Worm.Win32.Brontok.q | 1.08 |
| 8 | New | Virus.Win32.Virut.n | 1.04 |
| 9 | Down (-5) | not-a-virus:PSWTool.Win32.RAS.a | 1.00 |
| 10 | New | Trojan-Downloader.Win32.Bagle.hj | 0.80 |
| 11 | New | Trojan-Dropper.Win32.Agent.dgo | 0.78 |
| 12 | Up (+2) | Trojan-Spy.Win32.Ardamax.n | 0.73 |
| 13 | New | Trojan.Win32.BHO.agz | 0.71 |
| 14 | Down (-5) | not-a-virus:Monitor.Win32.Perflogger.ca | 0.62 |
| 15 | New | Trojan-Downloader.Win32.Bagle.hk | 0.62 |
| 16 | New | Trojan-Downloader.Win32.Bagle.hi | 0.61 |
| 17 | Down (-1) | not-a-virus:Monitor.Win32.Perflogger.ad | 0.56 |
| 18 | Up (+2) | not-a-virus:Monitor.Win32.Perflogger.cb | 0.53 |
| 19 | New | not-a-virus:PSWTool.Win32.Messen.g | 0.50 |
| 20 | Return | Worm.Win32.AutoIt.c | 0.46 |
| | | Other malicious programs | 81.12 |

There’s no such thing as New Year in the virus world. And it’s definitely not a time for seeing out the old and bringing in the new. Statistics for January show that the malware and potentially malicious programs in circulation are remarkably similar to those in last month’s rankings.

Trojan dialers continue to dominate the top of the online chart for yet another month with Dialer.yz holding on to first place for the second month in a row. Trojan-Clicker.Win32.Small.kj – detected way back in March 2006 – was the surprise entrant in second place.

More importantly, the Virut virus epidemic continues unabated. The principal and most widespread variant of the family – Virut.av – is still in the top three. Those keeping it company in December – Virut.q and .p – were replaced in January by a new version – Virut.n.

Browser Helper Objects suffered a slight downturn, with only two of the three December entries remaining. However, this did not affect the showing of Trojan.Win32.BHO.abo, which held on to fifth place.

At the same time a wave of Bagle Trojan-Downloaders has suddenly burst into the Top Twenty. They may not rank very high at the moment – tenth, fifteenth and sixteenth places – but this type of activity threatens to pose an ever-greater risk to PC users. Incidentally, this trend was not reflected in the mail traffic statistics.

The veteran Brontok.q once again slipped down the rankings, falling four places in January. Its constant companion, the Rays worm, fared even worse: after slipping to tenth place last month it has now fallen off the bottom of the rankings. These two worms, however, have been a familiar feature of our Top Twenty for so long, and have bounced back before, that it may be premature to write them off completely.

Overall, keyloggers proved the dominant force in the Top Twenty with six entries; PSWTool.Win32.RAS.a, Ardamax.n, Perflogger.ca, Perflogger.cb, and Perflogger.ad were joined by a new entry for January, PSWTool.Win32.Messen.g.

Summary

  • New: Trojan-Clicker.Win32.Small.kj, Trojan-Downloader.Win32.Small.hlr, Virus.Win32.Virut.n, Trojan-Downloader.Win32.Bagle.hj, Trojan-Dropper.Win32.Agent.dgo, Trojan.Win32.BHO.agz, Trojan-Downloader.Win32.Bagle.hk, Trojan-Downloader.Win32.Bagle.hi, not-a-virus:PSWTool.Win32.Messen.g.
  • Went up: Trojan.Win32.Inject.mt, Trojan-Spy.Win32.Ardamax.n, not-a-virus:Monitor.Win32.Perflogger.cb.
  • Went down: Virus.Win32.Virut.av, Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a, not-a-virus:Monitor.Win32.Perflogger.ca, not-a-virus:Monitor.Win32.Perflogger.ad.
  • Re-entry: Worm.Win32.AutoIt.c.
