A significant amount of attacks on computers stem from various script downloaders


October 30 2008

35,103 different malicious and potentially unwanted programs were detected on users’ computers by the Kaspersky Security Network (KSN) during September 2008. This represents an increase of 6,163 on August 2008 statistics and two consecutive months of growth.


In Kaspersky Lab’s top twenty ranking of malicious programs detected on its users’ computers during September 2008 the KSN recorded a change at the top of the chart with the former leader, trojan.Win32.DNSChanger.ech, leaving the top twenty and being replaced by Rootkit.Win32.Agent.cvx. Kaspersky Lab first detected and added the rootkit to its anti-malware databases on 28th August 2008 and throughout September it actively spread across the Internet.

Senior Virus Analyst at Kaspersky Lab, Aleks Gostev states, “Two factors have set the alarm bells ringing. First of all, rootkits are notoriously awkward customers for antivirus software and secondly, very few antivirus programs, as yet, can detect this particular specimen.”

Gostev comments on other revelations from the top twenty, “A significant amount of the attacks on users’ computers stem from various script downloaders. These scripts act as the “trigger” for the majority of “drive-by download” attacks.” Such a trojan downloader - Trojan-Downloader.WMA.Wimad.n – returned to the ranking in second place in September. This multimedia file exploits a vulnerability in Windows Media Player to download various Trojans.

Interestingly, not only have all the AdWare programs from last month - AdWare.Win32.BHO.ca, AdWare.Win32.BHO.sc and AdWare.Win32.BHO.vp - remained in the top twenty, they have consolidated their positions (9th, 11th, 13th and 14th positions).

In Kaspersky Lab’s top twenty ranking of the most common malicious programs among all infected objects detected on users’ computers, the changes were minimal compared to August, with only four new entries (3rd, 5th, 15th and 20th); however, the majority of the programs have file-infection capabilities.

Net-Worm.Win32.Nimda, which unexpectedly claimed first place in August 2008, has been replaced by Virus.Win32.Xorer.du at the top of the ranking.

During September several programs and variants strengthened their position in this ranking. Notably, another member of the Sality family entered the ranking in 5th position - Virus.Win32.Sality.aa - bringing their number to four. The worm Worm.Win32.Mabezat.b has become another program to be reckoned with. It initially showed no significant activity after being detected by Kaspersky Lab in November 2007, as it probably went about gradually increasing the number of infected machines and files. Now it has entered the ranking at third place.

Gostev concludes, “Overall, it has to be said that the state of virus and worm activity is rather stable and shows no signs of getting worse. According to KSN data, a number of malicious programs that infect files have been significantly curtailed over the last three months, which is borne out in the examples of the Allaple and Otwycal families falling off of our ranking.”

September 2008: Malicious programs detected by Kaspersky Lab on users’ computers

1 New Rootkit.Win32.Agent.cvx
2 Return Trojan-Downloader.WMA.Wimad.n
3 New Packed.Win32.Black.a
4 +8 trojan.Win32.Agent.abt
5 New Trojan-Downloader.HTML.Iframe.sz
6 New Trojan-Downloader.Win32.VB.eql
7 New Trojan-Downloader.JS.IstBar.cx
8 +1 trojan.Win32.Agent.tfc
9 +1 not-a-virus:AdWare.Win32.BHO.ca
10 New Trojan-Downloader.Win32.Small.aacq
11 - not-a-virus:AdWare.Win32.Agent.cp
12 New trojan.Win32.Obfuscated.gen
13 +1 not-a-virus:AdWare.Win32.BHO.sc
14 +1 not-a-virus:AdWare.Win32.BHO.vp
15 +3 trojan.Win32.Chifrax.a
16 -3 Trojan-Dropper.Win32.Agent.tbd
17 +2 trojan.RAR.Qfavorites.a
18 New Email-Worm.Win32.Brontok.q
19 New Trojan-Downloader.JS.Agent.cme
20 -12 Trojan-Downloader.JS.Agent.chk

September 2008: Most common malicious programs among all infected objects detected

1 +1 Virus.Win32.Xorer.du
2 -1 Net-Worm.Win32.Nimda
3 New Worm.Win32.Mabezat.b
4 +2 Virus.Win32.Alman.b
5 New Virus.Win32.Sality.aa
6 -3 Virus.Win32.Parite.b
7 -3 Virus.Win32.Virut.n
8 +7 Virus.Win32.Small.l
9 +5 Virus.Win32.Virut.q
10 -5 Virus.Win32.Parite.a
11 -3 Email-Worm.Win32.Runouce.b
12 Return Virus.Win32.Sality.s
13 +3 Virus.Win32.Hidrag.a
14 Return Virus.Win32.Sality.z
15 New trojan.Win32.Obfuscated.gen
16 -7 Worm.Win32.Fujack.k
17 +3 Virus.Win32.Tenga.a
18 -7 Trojan-Downloader.WMA.GetCodec.d
19 -9 Worm.VBS.Headtail.a
20 New Virus.Win32.Sality.q


 

Reproduced from an article published by Security Park
© Security Park

The original article can be viewed here:
http://www.securitypark.co.uk/security_article.asp?articleid=262178
