The PandaLabs monthly ranking of the most prevalent malware saw several newly-discovered malicious codes entering for the first time in November. The W32/Nuwar worm, which entered directly in fourth place, stands out in particular. This worm spreads in email messages with text referring to the ‘Third World War’ or the supposed deaths of Bush or Putin.
Another new entry in the list, Banbra.DJM, is actually a variant of a classic family of Trojans designed to capture login details for several Brazilian banking services.
The last new entry is the Trj/Spamer.T Trojan, which represents a classic example of how malicious code is now being used by hackers: surreptitiously entering a computer and then turning it into a platform for sending out spam.
Among the veteran viruses in the list we find Sdbot.ftp once again occupying first place. This is a script used by the Sdbot family of worms to download themselves onto computers via FTP. Although this malware has topped the rankings throughout 2006, in November there has been a slight decrease in the number of infected systems. Whereas in October it was detected in 2.08 percent of infected computers, this figure dropped in November to 1.9 percent.
Virus name                  % frequency    Previous month’s position
W32/Sdbot.ftp.worm  1.90    1 =
Trj/Torpig.AÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 1.43Â Â Â Â 2 =
Trj/Abwiz.AÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 1.22Â Â Â Â 3 =
W32/Nuwar.A.worm  1.00    New
W32/Puce.E.worm      0.99    5 =
Trj/QQPass.JZÂ Â Â Â Â Â Â Â Â Â Â Â 0.98Â Â Â Â 6 =
Trj/Ba nbra.DJMÂ Â Â Â Â Â Â Â Â 0.95Â Â Â Â New
Trj/Qhost.gen              0.95    9 Up
W32/Netsky.P.worm  0.92    4 Down
Trj/Spamer.TÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â 0.82Â Â Â Â New
In second place once again we find Torpig.A, which after rising rapidly to prominence in October, has remained stable, and was responsible for just under 1.5 percent of infections in November. Trj/Abwiz.A is also unchanged in third place in the list. This Trojan can be used to steal passwords stored on systems.
The veteran Netsky.P, a worm that exploits an vulnerability in Internet Explorer to run itself automatically, has dropped several places. This, along with the decrease in incidents involving Sdbot.ftp, could be an indication of an improvement in installations on computers, as both malicious codes directly exploit vulnerabilities which have been corrected for some time.
Luis Corrons, director of PandaLabs, is still cautious however. “Even though the data suggests that operating systems are more up-to-date than before, the presence of Netsky.P in the Top 10 is still a worry.”
The reason for this, according to Corrons, is “the general lack of awareness about the need to keep systems adequately protected, which could lead to real catastrophes during the Christmas shopping period. Shopping online without adequate protection not only jeopardizes information stored on disk, but could also have disastrous financial consequences, particularly for those using online banking services.”
Panda Software also advises users to scan their systems with ActiveScan, a free solution available from www.pandasoftware.com/activescan which can detect even unknown malicious code hidden on systems.
