Over 50% of infections in February were spyware and trojans

Spyware and trojans were the malware responsible for most infections in February, according to PandaLabs. As in January, spyware accounted for 33% of the infections detected by ActiveScan. Meanwhile, trojans have increased two points in comparison to January, causing 25% of infections.

“The aim of malware creators is purely financial and trojans and spyware are the best types of malware for this purpose. That is why they are so widely distributed,” explains Luis Corrons, Technical Director of PandaLabs.

Other types of malware are way behind these two. Worms, with 6%, were third, followed by dialers (5%), backdoor trojans (4%) and bots (3%).

“Interestingly, 24% of infections come under the category ‘other’, which includes viruses, cookies, etc. This indicates that there is an increasing variety of malware and the combined impact is considerably serious. In general, people still talk of ‘viruses’ when the truth is that malware is more varied than ever,” adds Corrons.

Regarding new examples of malware, 60% of those detected in February were trojans. This is 11 points up on January.

“The distribution of the new variants that appeared last month is very significant. This classification indicates where malware creators are heading. The high number of new trojans confirms that cyber-crooks have exclusively financial aims,” explains Corrons.

After trojans came bots and backdoor trojans, followed by worms (8%), dialers (3%) and spyware (1%).

“Spyware is the type of malware causing most infections. Nevertheless, the number of new variants is lower. One of the reasons for this is the way it is distributed. This kind of malware frequently forms part of legitimate programs. Some sub-categories, such as adware, are not considered dangerous since they usually only display adverts. That is why spyware remains active on computers for longer, even though there are fewer new variants,” adds Corrons.

Regarding February’s most active malicious codes, Sdbot.ftp is in the first position once again. Sdbot.ftp is the generic detection for the script that certain worms use to download Sdbot onto a computer. This worm has been the most active malware for more than twelve months.

In second place is Bagle.HX. This worm was in the tenth position last month. Bagle.HX is from the Bagle family of worms, one of the most active last year. This variant uses rootkit features to hide its processes. It also disables some security solutions’ functions. The aim of both characteristics is to make it more difficult to detect.

 

| Viruses | Infection % | Previous position |
|---|---|---|
| W32/Sdbot.ftp.worm | 1.65 | 1 = |
| W32/Bagle.HX.worm | 1.39 | 10 up |
| W32/Puce.E.worm | 1.16 | 3 = |
| W32/Brontok.H.worm | 1.15 | 6 up |
| W32/Nurech.A.worm | 1.14 | New |
| Trj/Abwiz.A | 1.05 | 4 down |
| Bck/PcClient.DU | 0.88 | 5 down |
| Trj/Torpig.A | 0.86 | 2 down |
| W32/Netsky.P.worm | 0.84 | 8 down |
| Trj/Rizalof.TT | 0.84 | New |

 

Puce.E is in the third position, as it was last month. It is a worm that spreads through P2P networks. The fourth and fifth positions also correspond to two worms: Brontok.H and Nurech.A. The first spreads by making copies of itself on the affected system. The second is the first variant of a family that was very active in February. What’s more, Nurech.A caused PandaLabs to declare an Orange Virus Alert halfway through the month.

Nurech.A spreads in messages whose subjects pretend to be greeting cards. It hides in an attached executable file with names like Flash Postcard.exe or Greeting Card.exe. Nurech.A is one of the few new entries in the list.

“Users think there are no dangerous threats. That is why they don’t bother to update their anti-malware solutions or download security patches. This allows old malicious codes to continue infecting computers. This is also the reason why there are few new variants among the most active malware month after month,” explains Corrons.

Abwiz.A has dropped from fourth to sixth position. It is a trojan designed to steal passwords stored on the system. In seventh position is PcClient.DU, a backdoor trojan which opens a port in the system in order to allow attackers to remotely control the infected computer.

Torpig.A is the malware that has decreased most drastically in February. It has gone from second to eighth position. Torpig.A is a trojan that steals confidential data from users, such as passwords stored on certain Windows services.

Netsky.P is in the ninth position. It is a worm that uses specific Internet Explorer vulnerabilities in order to spread. The tenth most active malware in February was Rizalof.TT. This trojan captures users’ confidential data.

All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free solution available at: www.pandasoftware.com/activescan. Users can carry out a complete inspection, free of charge, of all the areas of their computers that they suspect may be infected.

More information about these and other threats is available in Panda Software’s Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/