Malware reports

Online Scanner Top Twenty for July 2007

Position Change in position Name Percentage
1. Return
Return
Trojan.Win32.Dialer.cj 8.82
2. New!
New
Backdoor.Win32.IRCBot.acd 4.21
3. Down
-1
Trojan.Win32.Dialer.qn 2.37
4. New!
New
Trojan-Downloader.Win32.Small.eqn 2.31
5. Down
-1
Backdoor.IRC.Zapchast 2.16
6. Down
-3
Trojan-Downloader.Win32.LoadAdv.gen 1.68
7. Return
Return
Backdoor.Win32.mIRC-based 1.55
8. New!
New
Packed.Win32.PolyCrypt.b 1.42
9. New!
New
Trojan-Downloader.Win32.Tibs.mq 1.09
10. New!
New
Trojan-Downloader.Win32.Nurech.bs 1.08
11. Down
-10
not-a-virus:AdWare.Win32.Virtumonde.jp 1.04
12. Return
Return
Virus.VBS.Small.a 0.88
13. New!
New
Backdoor.IRC.Cloner.ae 0.87
14. New!
New
Trojan.Win32.Agent.abe 0.64
15. New!
New
Trojan-Downloader.Win32.BHO.l 0.62
16. New!
New
Trojan-Proxy.Win32.Small.du 0.62
17. Return
Return
not-a-virus:PSWTool.Win32.RAS.a 0.60
18. New!
New
Trojan-Downloader.Win32.Alphabet.gen 0.59
19. New!
New
Trojan.Win32.Dialer.fn 0.55
20. Return
Return
Email-Worm.Win32.Rays 0.52
Other malicious programs 66.38

After a short break, Trojan Dialers are again at the top of the rankings based on the results of our July online scanner activity. In June, as we noted the rise of Dialer.qn, we predicted a new attack of such programs. This month the first position, and a respectable 9%, is taken by Dialer.cj. This Trojan is by no means new on the charts, and it actually topped the rankings in December 2006. Now, seven months later, we are witnessing its comeback.

On the whole, a look at this month’s Top Twenty produces a déjà vu effect: in addition to the two Trojan Dialers among the top three malicious programs, the ranking includes a number of backdoors that enable remote control of a system via IRC channels. These are IRCBot.acd (2nd place), Zapchast (5th), mIRC-based (7th), Cloner.ae (13th). All of them have pushed down various adware programs, which had steadily increased their standing in the rankings in May and June, primarily due to the rise of Virtumonde variants. For the June leader, Virtumonde.jp, this onslaught was too much and it dropped by 10 positions in a single month.

However, this does not mean that adware will give up easily. Althought Trojan-Downloader.Win32.LoadAdv.gen has moved down by three places (from the 3rd to the 6th), in terms of percentage points it has not lost much ground: it accounted for 1.68% of the malware detected in July, compared to 2.14% in June. Since this Trojan downloads various adware programs onto an infected system, it is likely to continue spreading.

The newcomers to the Top Twenty are relatively numerous – 11 malicious programs. As before, almost half of these are new Trojan Downloader variants. Trojan-Downloader.Win32.Nurech and Alphabet.gen, which are used to create botnets, are particularly dangerous.

Classic viruses Virus.VBS.Small.a and Email-Worm.Win32.Rays are back in the ranking. Rays left the Top Twenty ranking a month ago, but in July it somehow managed to make it back to the bottom position. As for its “twin brother”, the Brontok worm, which fell 7 places in the past two months, it did not make it into our latest statistics.

Summary

  1. New: Backdoor.Win32.IRCBot.acd, Trojan-Downloader.Win32.Small.eqn, Packed.Win32.PolyCrypt.b, Trojan-Downloader.Win32.Tibs.mq, Trojan-Downloader.Win32.Nurech.bs, Backdoor.IRC.Cloner.ae, Trojan.Win32.Agent.abe, Trojan-Downloader.Win32.BHO.l, Trojan-Proxy.Win32.Small.du, Trojan-Downloader.Win32.Alphabet.gen, Trojan.Win32.Dialer.fn
  2. Moved down: Trojan.Win32.Dialer.qn, Backdoor.IRC.Zapchast, Trojan-Downloader.Win32.LoadAdv.gen, not-a-virus:AdWare.Win32.Virtumonde.jp
  3. Re-entry: Trojan.Win32.Dialer.cj, Backdoor.Win32.mIRC-based, Virus.VBS.Small.a, not-a-virus:PSWTool.Win32.RAS.a, Email-Worm.Win32.Rays.

Online Scanner Top Twenty for July 2007

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox