Malware reports

Online Scanner Top Twenty for July 2006

| Position | Change in position | Name | Percentage |
|---|---|---|---|
| 1 | No change (0) | Trojan-Spy.Win32.Banker.anv | 1.59 |
| 2 | New | Trojan-Dropper.Win32.Microjoin.bx | 1.41 |
| 3 | No change (0) | Email-Worm.Win32.Rays | 1.12 |
| 4 | Up (+2) | Email-Worm.Win32.Brontok.q | 0.97 |
| 5 | New | Trojan-Dropper.Win32.Agent.asl | 0.91 |
| 6 | Up (+4) | not-a-virus:PSWTool.Win32.RAS.a | 0.85 |
| 7 | New | Trojan-Dropper.Win32.Agent.arv | 0.83 |
| 8 | New | Trojan-Downloader.Win32.Small.ddp | 0.76 |
| 9 | New | Packed.Win32.Klone.g | 0.67 |
| 10 | New | not-a-virus:AdWare.Win32.Delf.j | 0.65 |
| 11 | Down (-2) | Trojan.Win32.VB.ami | 0.64 |
| 12 | Up (+8) | Email-Worm.Win32.Bagle.gen | 0.58 |
| 13 | New | not-a-virus:Monitor.Win32.Perflogger.163 | 0.52 |
| 14 | Return | Backdoor.Win32.Rbot.gen | 0.47 |
| 15 | Return | Virus.Win32.Parite.b | 0.44 |
| 16 | Down (-4) | Trojan-Spy.Win32.Banbra.gi | 0.43 |
| 17 | New | P2P-Worm.Win32.VB.dw | 0.42 |
| 18 | Return | Virus.Win32.Hidrag.a | 0.42 |
| 19 | New | Trojan-Spy.Win32.Agent.gk | 0.42 |
| 20 | New | Trojan-Downloader.Win32.Obfuscated.n | 0.42 |
| | | Other malicious programs | 85.48 |

The July online scanner Top Twenty is something of a watershed, as it includes absolutely all classes of malicious program: viruses, worms, Trojans, backdoors, adware and potentially malicious programs. This huge variety once again confirms that today, a computer is vulnerable to attack by any type of malicious program. The question is not whether a computer will be attacked, but how significant the loss will be. In these terms, it’s Trojan spy programs which cause the greatest damage.

As a quick look at the online rankings shows, virus writers are currently obsessed with malicious code which can be used for espionage. This month’s Top Twenty includes more than ten programs which use one method or another to harvest user information and confidential data such as bank account numbers.

Banker.anv holds first place for the third month in a row. This malicious program originates in Brazil, and it has spread throughout the world. Since January 2006, it has invariably been found somewhere towards the top of the rankings. Russian Trojan writers aren’t lagging behind their Brazilian colleagues either; Trojan-Dropper.Win32.Microjoin.bx occupies second place. This program is one of the most widespread carriers for LdPinch, another spy program of Russian origin. In July, the Russian segment of the Internet was flooded when LdPinch used ICQ to spread, having been installed by Microjoin. Taking into account the fact that LdPinch deletes itself from the victim machine once it has done its work, the presence of Microjoin.bx in second place gives us some idea of the scale on which LdPinch was sent out.

One surprise is the two email worms in the top half of the table. If we compare these rankings with the email traffic rankings, it’s clear that neither Rays nor Brontok is particularly widespread, although both these worms have figured in our online statistics before. Another hybrid creation, Bagle.gen, a combination of a worm and a spy program, is rising up the table to join them. In June, this malicious program was in 20th place; this month, however, it’s reached 12th place, and shows no signs of slowing down.

Among the rest of the malicious programs in this month’s Top Twenty, it’s notable that two classic file viruses, Parite.b and Hidrag.a, have staged a return. As if to contradict repeated assertions that classic viruses are on the verge of extinction, these two programs are exhibiting remarkable resilience. Essentially, they have outlived other malicious code (worms and Trojans) which appeared at the same time several years ago. And going by the statistics and user reports that we see, this pair has no intention of surrendering. An estimate of the number of machines infected by these two programs would probably be far larger than the number infected by any worm which caused a global epidemic.

Summary

New: Trojan-Dropper.Win32.Microjoin.bx, Trojan-Dropper.Win32.Agent.asl, Trojan-Dropper.Win32.Agent.arv, Trojan-Downloader.Win32.Small.ddp, Packed.Win32.Klone.g, AdWare.Win32.Delf.j, Monitor.Win32.Perflogger.163, P2P-Worm.Win32.VB.dw, Trojan-Spy.Win32.Agent.gk, Trojan-Downloader.Win32.Obfuscated.n

Moved up: Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a, Email-Worm.Win32.Bagle.gen

Moved down: Trojan.Win32.VB.ami, Trojan-Spy.Win32.Banbra.gi

Re-entry: Backdoor.Win32.Rbot.gen, Virus.Win32.Parite.b, Virus.Win32.Hidrag.a
