Top Ten viruses and spyware most frequently detected by Pand

09/01/2005. Panda Software has published its ranking of the top ten viruses and top ten spyware most frequently detected in August by its online anti-malware solution, Panda ActiveScan, (www.activescan.com).

Despite the appearance of the Zotob and IRCBot.KC/KD worms, which exploited the Windows Plug and Play vulnerability to affect numerous media companies and other businesses and institutions especially in the United States, the list of the viruses most frequently detected by Panda ActiveScan in August has not changed radically with respect to the previous month. Sdbot.ftp once again occupies first place in the ranking. This is the detection of a script that downloads the Sdbot worms onto computers via FTP. The old-timer Netsky.P crops up in second place. This notorious worm exploits a vulnerability to run itself automatically.

Third in the list is Mhtredir.gen, a generic detection for a group of Trojans that remotely execute code on the compromised computer, without the user´s consent but with the same privileges. This is followed by Gaobot, a worm with ‘bot’ functions. Bots are a type of malware designed to allow attackers to take malicious action on infected computers. The malware in fifth place is closely related to the previous example. Qhost.gen is a generic detection for the modifications that some malicious code, such as the Gaobot family, make to the Windows HOSTS file.

After this comes Psyme.C, a virus that can reach computers through multiple channels and which, like other malware of this type, reproduces itself by inserting its code in other files or programs. Smitfraud.E is next in the ranking. This malicious code forms part of an adware program with the same name and is designed, among other things, to blackmail users into buying a supposed anti-spyware program.

The last three places in this month’s Top Ten are occupied by Parite.B, a polymorphic virus, and the Qhost.BP and Cityfraud.A Trojans.

In line with the trend that began several months ago, there is a worrying prevalence of malicious code designed to take remote control of computers or that can be exploited for financial return. The presence of this type of malicious code is not normally betrayed by visible symptoms and it is normally installed surreptitiously. For this reason, it is more important than ever for users to have an up-to-date antivirus solution installed on their systems.

The full list of viruses, worms and Trojans is as follows:

               Malware           % frequency
    W32/Sdbot.ftp               2,76
W32/Netsky.P.worm          1,69
Exploit/Mhtredir.gen          1,46
W32/Gaobot.gen.worm        1,39
    Trj/Qhost.gen                1,16
     VBS/Psyme.C                1,04
   W32/Smitfraud.E             0,88
      W32/Parite.B                0,63
      Trj/Qhost.BP                 0,63
   Trj/Citifraud.A                0,6

Panda Software has also drawn up a separate ranking of spyware infections. Spyware is a type of malware designed to gather data about users’ Internet habits and preferences which is then sent to the creators of the malware or sold on to third-parties, normally spammers.

The classification of the most widespread spyware over the last month is as follows:

Spyware          % frequency
Spyware/Cydoor             3,26
Spyware/ISTbar             1,11
Spyware/XXXToolbar        1
Spyware/New.net          0,89
Spyware/BetterInet          0,44
Spyware/Dyfuca             0,32
Spyware/YourSiteBar      0,26
Spyware/Petro-Line      0,23
Spyware/Altnet          0,23
Spyware/BargainBuddy    0,23

The most widespread spyware during August was Cydoor, a spyware program that requests user data such as name, surname, city, country, etc, and if it manages to get these details, it shares them with other spyware programs and uses them to display advertising. It also has the ability to execute arbitrary code on the compromised computer. The rest of the programs that make up the ranking of spyware detections remain the same as the previous month, and most examples are now well known to users.

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, at: www.pandasoftware.com/activescan and SpyXposer, the free spyware detection tool, also available online at: http://www.pandasoftware.com/products/spyxposer/com/spyxposer_principal.htm. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software´s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

For more information about these and other malicious code, visit Panda Software´s Virus Encyclopedia.

About PandaLabs
Since 1990, PandaLabs´ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).

Oxygen3 24h-365d
by Panda Software

2005-09-04 11:41

Back

IT News: