Wednesday, May 03, 2006

April Top 10 Viruses

April could be described as a calm month withrespect to virus epidemics, but appearances can deceive.

Thousands of malicious codes are awaiting the opportunity to install themselves onthe computers of unwary users.

This relative calm is what the creators of malware are looking for, as they are now driven by the potential of financial return and are well aware that clamorous epidemics do not serve their objectives.

For this reason, they try to insert their creations on users' computers as discreetly as possible.

In April, Sdbot.ftp once again occupied first place in the ranking. This is a script used by the Sdbot family of worms to download themselves onto computers via FTP.

After this, the next most frequently detected malicious code was Nestky.P, which has figured in the ranking for the last two years.

Exploit/Metafile was in third place. This is the detection of an exploit of the vulnerability in the processing of WMF files in Windows.

From this it can be deduced that despite not having been used to cause massive epidemics, malware creators view this security problem as a good way to insert their creations on users' computers, and for this reason they have been using it assiduously.

Other malicious code in the list include the Lowzones.RI Trojan, theTearec.A worm -also called Kamasutra- and the Qhost and Torpig.AY Trojans.

April's ranking is completed by the Parite.B worm -another habitual offender in the list of frequently detected viruses-, the Torpig.AZ Trojan and the generic detection for members of the numerous Gaobotf amily of worms.

Malware % frequency
W32/Sdbot.ftp 2.10
W32/Netsky.P.worm 1.07
Exploit/Metafile 0.79
Trj/LowZones.RI 0.64
W32/Tearec.A 0.62
Trj/Qhost.gen 0.51
Trj/Torpig.AY 0.51
W32/Parite.B 0.50
Trj/Torpig.AZ 0.48
W32/Gaobot.gen.worm 0.48

The most notable feature of this ranking is the presence of malicious code that uses vulnerabilities to install itself on systems.

This would suggest that there are numerous computers that have not been updated and which could therefore become a breeding ground for the distribution ofmalware. Users need to stay informed about the discovery of new vulnerabilities affecting software and to install the necessary patches to correct them.

Links to this post:

Create a Link

<< Home