Thursday, March 02, 2006

Top Ten Viruses in February

For the ninth month running, Sdbot.ftp was the malware most frequently detected by the free, online antivirus Panda ActiveScan (www.activescan.com) in the computers of users around the world.

Similarly, there has been a significant number of detections of Netsky.P, one of the oldest examples of malware in the ranking.

Among the rest of the threats detected, the third place occupied by Metafile confirms how the vulnerability in the processing of WMF files is being actively exploited.

Meanwhile, Tearec.A remains in fourth place, after the commotion caused last month by its activation on the third of every month.

During February, Sdbot.ftp was responsible for 2.48 percent of infections. Then came the veteran Netsky.P (1.28%), followed by other more recent threats such as Metafile (1.24%), Tearec.A (0.95%), Sober.AH (0.85%) and Bagle.GS (0.84%).

Finally, with less significant frequency rates, came Qhost.gen, Gaobot.gen, Alcan.A and Parite.B.

The continuing rise of worms is of particular significance in this month's Top Ten.

While in December six out of ten of the threats most frequently detected by Panda ActiveScan were worms, this rose to seven out of ten in January and now to eight out of ten in February.

The clearest example of the success of worms is Tearec.A (CME-24), also known as Kamasutra, which spread widely using, as is common with this type of threat, social engineering techniques, in this case the lure of e-mails with erotic content.

And once again social engineering is the main factor behind the persistence of Sober.AH, a worm that caused an Orange Alert status at the end of November, and comes in the guise of, among other things, a warning from the FBI.

Another code that stands out is Metafile, an exploit, that is, code written especially to take advantage of a security hole in GDI32.DLL. This library is used by programs such as Windows Picture and Fax Viewer, and the flaw affects the following Windows platforms: 98, Millennium Edition (ME), 2000, XP and Server 2003.

This confirms that malware creators are taking advantage of the latest vulnerabilities - in this case one affecting processing of WMF files - in order to spread their creations.