Top 10 viruses and spyware most frequently detected by Panda

08/01/2005. As it does every month, Panda Software has published its ranking of the top ten viruses most frequently detected by its online anti-malware solution, Panda ActiveScan, over the last month (www.activescan.com). A new version of this tool which also detects spyware has recently been made available to users. Based on this feature, Panda Software has also published the top ten spyware programs most frequently detected last month.

The list of the most widespread viruses has not altered drastically this month, with the most significant exception being the absence, for the first time in three months, of Mhtredir.gen at the top of the list. This exploit, according to the data gathered by Panda ActiveScan in July, has been overtaken by the script for the FTP function of SDBot as the most detected malware. By means of this script, certain variants of SDBot are able to download the worm via FTP, if they manage to exploit operating system vulnerabilities, such as LSASS or RPC-DCOM.

It is quite clear that bots are becoming more significant by the day. The script for SDBot is joined in fourth place of the ranking by the generic detection for Gaobot family, a worm with bot functions which is saturating the Internet with several hundred variants. The usefulness of this type of malware for its creators is evident: They can create bot networks in order to carry out a range of actions at will, including spamming or launching coordinated attacks. In fact, it is not uncommon for these bot networks to be leased out to third parties with these nefarious aims.

In general, another tendency that is notable in this ranking, and which has become increasingly apparent over recent months, is that malware creators are forgoing notoriety in exchange for greater profitability of their attacks, keeping users less aware of their malicious techniques. Along these lines, in addition to the two types of malware related to bots (one of the main channels used by those seeking financial gain) there is the Smitfraud virus, which is aimed exclusively at providing financial returns from its actions: it is part of an adware program of the same name that, among other things, fraudulently tries to get users to buy a supposed antispyware program.

Mhtredir, with its BS variant, represents two entries in this month´s ranking, and is a type of malware that exploits unpatched vulnerabilities in computers. Netsky.P on the other hand, continues to be responsible for numerous infections, exploiting a vulnerability that allows execution of attachments simply when viewed in the preview pane. The high rate of infection of both specimens of malware make it all more important for users to be reminded of the need to keep operating systems up-to-date with corresponding security patches, and not to open attachments unless they come from a completely reliable source.

The full list of viruses, worms and Trojans is as follows:

Malware % frequency

W32/Sdbot.ftp
2.47

Exploit/Mhtredir.gen
2.08

W32/Netsky.P.worm
1.94

W32/Gaobot.gen.worm
1.56

Trj/Qhost.gen
1.43

VBS/Psyme.C
1.04

Exploit/Mhtredir.BS
0.95

W32/Smitfraud.B
0.81

Trj/Downloader.DEW
0.75

W32/Parite.B
0.75

In addition to this list, a separate ranking of infections by spyware has been generated. Spyware is a type of malware designed to gather data regarding users’ Internet habits and preferences, which is then sent to the creators of the malware or sold on to third-parties, normally spammers.

The classification of the most widespread spyware over the last month is as follows:

Spyware
% frequency

Spyware/ISTbar
3.32

Spyware/Cydoor
3.01

Spyware/XXXToolbar
2.79

Spyware/New.net
2.54

Spyware/BetterInet
1.13

Spyware/Dyfuca
0.91

Spyware/YourSiteBar
0.75

Spyware/Petro-Line
0.67

Spyware/Altnet
0.57

Spyware/BargainBuddy
0.51

As in previous months, the spyware program that has been most frequently detected is ISTbar, whose main characteristic is that it is an entry point for other similar types of malware, such as spyware, adware or dialers. Much of the rest of this ranking remains unchanged, with many of the specimens now well-known by users, such as Altnet, a type of spyware related to one of the most well-known file sharing programs. The most notable inclusion in its battle of YourSiteBar, a type of spyware of which, like many others, gathers user information and sends it to advertising companies on the Internet.

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software´s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

For more information about these and other malicious code, visit Panda Software´s Virus Encyclopedia

About PandaLabs

On receiving a possibly infected file, Panda Software´s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/

Oxygen3 24h-365d, by Panda Software
© Panda Software 2003