Top Ten viruses and spyware most frequently detected by Pand

2/1/2006. - In January, Sdbot.ftp was the malware specimen most frequently detected by the free online antivirus solution Panda ActiveScan. In addition to this malicious code topping the ranking for the seventh month running, other notable aspects of this month´s list include the second place held by Metafile and the presence of Tearec.A in sixth place. With respect to spyware, New.net occupies first place in the ranking.

During the first month of this year, Sdbot.ftp was responsible for 2.99 percent of infections. Then comes Metafile(1.99%), Sober.AH (1.30%), and Netsky.P (1.25%). After them, with frequency percentages of less than 1 percent, come: Gaobot.gen; Tearec.A; Torpig.A; Qhost.gen; Alcan.A and Parite.B.

Malware                             % frequency
W32/Sdbot.ftp                         2.99
Exploit/Metafile                        1.99
W32/Sober.AH.worm               1.30
W32/Netsky.P.worm                1.25
W32/Gaobot.gen.worm            0.90
W32/Tearec.A.worm                 0.80
Trj/Torpig.A                               0.80
Trj/Qhost.gen                           0.76
W32/Alcan.A.worm                   0.70
W32/Parite.B                           0.61

The following conclusions can be drawn from the Top Ten ranking of the threats most frequently detected by Panda ActiveScan in January:

- Sdbot.ftp:seven months at the head of the ranking.
Sdbot.ftp has been, since July 2005, the threat that has had most impact. This is a script used by certain malware specimens to download -via FTP- the Sdbot worm. It does this by exploiting several operating system vulnerabilities such as LSASS or RPC-DCOM.

- The high profile of Metafile.
Metafile, which first appeared towards the end of December 2005, was the second most prevalent threat in January 2006. This is an exploit or code written especially to take advantage of a security hole in GDI32.DLL -used by programs such as Windows Picture and Fax Viewer-, affecting the following Windows platforms: 98, Millennium Edition (ME), 2000, XP and Server 2003.

The impact of Metafile, along with the pole position of Sdbot.ftp, once again highlights the success of malware creators in exploiting vulnerabilities in major programs to bolster the impact of their creations.

- Tearec.A:social engineering once again hand-in-hand with Internet threats.
In mid-January, Tearec.A hit computers around the world, and was, for some days, the most frequently detected malware by the free, online antivirus solution Panda ActiveScan. Its successful propagation was based largely on the use of social engineering techniques by its creator. The e-mails in which Tearec.A spread used erotic themes in order to trick recipients.

-The growing presence of worms.
Seven out of ten of the viruses in January´s Top Ten are worms, reflecting the growing trend apparent in the previous ranking (in which six out of the Top Ten belonged to this category) with a corresponding decline in the presence of Trojans.

January’s spyware ranking sees the first place remain unaltered with respect to the previous month, with New.net (1.28%) in first place. The remaining examples of spyware in the Top Ten all have frequency percentages of less than 1%: Smitfraud, Virtumonde, RXToolbar, Altnet, BetterInet, Media-motor, SafeSurf, MarketScore and Petro-Line. The most notable aspects with respect to December’s classification is the appearance of Smitfraud and SafeSurf, replacing Cydoor and Premeter, which last month held second and third place respectively.

Spyware                                % frequency
Spyware/New.net                        1.28
Spyware/Smitfraud                      0.55
Spyware/Virtumonde                   0.46
Spyware/RXToolbar                     0.37
Spyware/Altnet                            0.35
Spyware/BetterInet                     0.29
Spyware/Media-motor                 0.26
Spyware/SafeSurf                        0.23
Spyware/MarketScore                  0.22
Spyware/Petro-Line                     0.20

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, at: www.pandasoftware.com/activescanand SpyXposer, the free spyware detection tool, also available online at: http://www.pandasoftware.com/products/spyxposer/com/spyxposer_principal.htm. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software´s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

For more information about these and other malicious code, visit Panda Software´s Virus Encyclopedia

About PandaLabs
Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).

Oxygen3 24h-365d
by Panda Software

2006-02-03 15:05

Back

IT News: