Spyware accounted for 31% of all infections recorded by ActiveScan, Panda Software’s online scanner, in March. These spy programs compile information about users’ Internet activity for various purposes, such as displaying personalized adverts.
“Spyware accounts for so many infections largely due to the way it spreads. Lately e have witnessed a notable increase in the number of exploits that use web pages to install adware. Users do not even have to agree to the terms and conditions for installation of the malicious code, as before. Also, since users have not installed these codes knowingly, it is more difficult to detect them, and they remain on computers for longer,†indicates Luis Corrons, technical director of PandaLabs.
Trojans were the second most frequent malware type in March (25% of all infections). The reason why spyware and trojans are the most widespread malware is due to the fact that they are the most widely used for financial gain, cyber-crooks’ main objective. 6% of infections in March were caused by trojans, and 5% by dialers. Backdoor trojans and bots were the culprits in 4% of cases.
As with previous months, a large number of infections fall into the ‘Other’ category. “This is just another example of how inaccurate it is to call all malicious code viruses, as malware is nowadays more diverse than ever. This category includes viruses as such, but also jokes, hacking tool, cookies…â€, explains Corrons.
As for the most active malware, there has been a large number of new additions to the list. Lozyt.A has risen rapidly in the list. This malware appeared only a month ago but is already the second most virulent code.
Lozyt.A is a trojan that ends processes belonging to several security tools. In this way, it exposes the target system to new threats. Then, it connects to the server and downloads the ErrorSafe adware.
The malware that caused most infections in March was Sdbot.ftp, the generic detection of the script created by the members of the Sdbot family of worms to perform downloads. This malicious code has been at the top of the most active malware list for over a year.
Brontok.H occupies third place. This is a worm that spreads by copying itself to the affected system. In fourth place comes the Clicker.ZJ trojan, which allows attackers to enter infected computers. This is one of the new codes on this month’s list.
Puce.E has dropped from third place to fifth in March. This is a worm that uses P2P networks to spread. Bagle.HX, in sixth place, is a member of the Bagle family of worms that tries to evade detection by using rootkit features to end processes belonging to several security solutions.
Â
|
Malware |
% of infections |
Previous position |
|
W32/Sdbot.ftp.worm |
1.72 |
1 = |
|
Trj/Lozyt.A |
1.36 |
New |
|
W32/Brontok.H.worm |
1.33 |
4 up |
|
Trj/Clicker.ZJ |
1.26 |
New |
|
W32/Puce.E.worm |
1.24 |
3 down |
|
W32/Bagle.HX.worm |
1.16 |
2 down |
|
Application/SpyDawn |
1.01 |
New |
|
Bck/PcClient.DU |
0.96 |
7 = |
|
Trj/KillAV.FG |
0.93 |
New |
|
Trj/Downloader.NBT |
0.91 |
New |
SpyDawn, a PUP (Potentially Unwanted Program) is in seventh place. This is another new in the list. SpyDawn is a false anti-spyware program that installs on the system without the user knowing.
PcClient.DU is eighth. This is a backdoor trojan that opens a port in the target computer so that a remote attacker can control it.
The last two places are occupied by codes that make their debut in the list. KillAV.FG is a trojan that prevents several security solutions from operating correctly and connects to a server to allow the infected computer to be controlled remotely.
The Downloader.NBT trojan reduces the computer security level by changing the Internet Explorer security settings.
