Top Ten viruses most frequently detected ...

With the absence of widespread virus alerts, the first six months of 2006 has seemingly been a relatively quiet period. Yet this apparent calm is the result of the drive of malware creators to infect computers silently, ensuring their malicious code can operate undetected for a long as possible. An indication that they are still as busy as ever is the 19,367 new viruses detected over the last six months, only slightly less than for the same period in 2005, but which nevertheless accounts for 16 percent of all malware currently recognized by Panda Software.

Over the first half of 2006, Sdbot.ftp was the malware specimen most frequently detected by the free online antivirus solution, Panda ActiveScan. This is a script used by the Sdbot family of worms to download themselves onto computers via FTP. Exploit/Metafile was in second place in the ranking. This malicious code is designed to exploit a critical vulnerability in the processing of images by Windows, which could allow a WMF file to be used to run code on a computer. Netsky.P, a worm first detected in 2004, was in third place.

Next came Sober.AH, an email worm that reduces the security level of infected computers. This was followed by Tearec.A, a worm also known as Kamasutra, which uses erotic content to entice users. Gaobot.gen was in sixth place. This worm can open an IRC backdoor to allow remote control commands to be taken on the infected computer. In seventh place came Qhost.gen, a detection of code used by other worms, such as the Gaobot family, which tries to prevent access to web pages related to security companies. The last three in the ranking were Alcan.A and the Parite.B and Smitfraud.D viruses.

Malware                frequency
W32/Sdbot.ftp        2.66
Exploit/Metafile       1.33
W32/Netsky.P         1.28
W32/Sober.AH         0.85
W32/Tearec.A          0.81
W32/Gaobot.gen     0.68
Trj/Qhost.gen          0.68
W32/Alcan.A.worm 0.63
W32/Parite.B           0.62
W32/Smitfraud.D     0.41

The main conclusion to draw from the Top Ten of the first six months in 2006 is that worms have been the most widespread malicious code. Some 60 percent of the malware in the Top Ten were from this category. One significant fact is that the new variants of the Bagle worm, despite having been circulated just a few weeks ago, almost entered the list (they were in 11th place), confirming the powerful propagation capacity of this code. Trojans and viruses accounted for 20 percent each of the malware detected.

The high numbers of worms would indicate that malware creators are taking advantage of this type of malicious code as the best means for spreading their creations, given the numerous vulnerabilities that can still be exploited on numerous computers. Another issue is the number of worms that try to debilitate computer security, terminating processes or preventing access to security web pages. This prepares the ground for malware creators to launch further attacks with greater chances of success.

This data highlights how many computers are not sufficiently protected, either through a lack of anti-malware solutions or through failure to apply patches to resolve vulnerabilities some of which have been around for years. Panda Software advises all users to keep themselves informed of security problems that could affect their computers and make sure they have an up-to-date security solution.

For more information about these and other malicious code, visit Panda Software´s Virus Encyclopedia

Oxygen3 24h-365d
by Panda Software

2006-07-07 11:46

Back

IT News: