In January, Sdbot.ftp was the malware specimen most frequently detected by the free online antivirus solution Panda ActiveScan. In addition to this malicious code topping the ranking for the seventh month running, other notable aspects of this month’s list include the second place held by WMF Exploit and the presence of Tearec.A/W32.Blackmal.E@mm/BlackWorm in sixth place. With respect to spyware, New.net occupies first place in the ranking.
During the first month of this year, Sdbot.ftp was responsible for 2.99 percent of infections. Next come Metafile (1.99%), Sober.AH (1.30%), and Netsky.P (1.25%). After them, with frequency percentages of less than 1 percent, come Gaobot.gen, Tearec.A, Torpig.A, Qhost.gen, Alcan.A and Parite.B.
Malware | % frequency |
---|---|
W32/Sdbot.ftp | 2.99 |
WMF Exploit/Metafile | 1.99 |
W32/Sober.AH.worm | 1.30 |
W32/Netsky.P.worm | 1.25 |
W32/Gaobot.gen.worm | 0.90 |
W32/Tearec.A.worm | 0.80 |
Trj/Torpig.A | 0.80 |
Trj/Qhost.gen | 0.76 |
W32/Alcan.A.worm | 0.70 |
W32/Parite.B | 0.61 |
The following conclusions can be drawn from the Top Ten ranking of the threats most frequently detected by Panda ActiveScan in January:
– Sdbot.ftp: seven months at the head of the ranking.
Since July 2005, Sdbot.ftp has been the threat with the most impact. It is a script used by certain malware specimens to download the Sdbot worm via FTP. It does this by exploiting several operating system vulnerabilities such as LSASS or RPC-DCOM.
– The high profile of WMF Exploit.
WMF Exploit, which first appeared towards the end of December 2005, was the second most prevalent threat in January 2006. It is an exploit, that is, code written especially to take advantage of a security hole in GDI32.DLL (used by programs such as Windows Picture and Fax Viewer), affecting the following Windows platforms: 98, Millennium Edition (ME), 2000, XP and Server 2003.
The impact of WMF Exploit, along with the pole position of Sdbot.ftp, once again highlights the success of malware creators in exploiting vulnerabilities in major programs to bolster the impact of their creations.
– Tearec.A/W32.Blackmal.E@mm/BlackWorm: social engineering once again hand-in-hand with Internet threats.
In mid-January, Tearec.A hit computers around the world, and was, for some days, the most frequently detected malware by the free, online antivirus solution Panda ActiveScan. Its successful propagation was based largely on the use of social engineering techniques by its creator. The e-mails in which Tearec.A spread used erotic themes in order to trick recipients.
– The growing presence of worms.
Seven out of ten of the viruses in January’s Top Ten are worms, reflecting the growing trend apparent in the previous ranking (in which six out of the Top Ten belonged to this category) with a corresponding decline in the presence of Trojans.
In January’s spyware ranking, first place remains unaltered with respect to the previous month, held by New.net (1.28%). The remaining examples of spyware in the Top Ten all have frequency percentages of less than 1%: Smitfraud, Virtumonde, RXToolbar, Altnet, BetterInet, Media-motor, SafeSurf, MarketScore and Petro-Line. The most notable aspect with respect to December’s classification is the appearance of Smitfraud and SafeSurf, replacing Cydoor and Premeter, which last month held second and third place respectively.
Spyware | % frequency |
---|---|
Spyware/New.net | 1.28 |
Spyware/Smitfraud | 0.55 |
Spyware/Virtumonde | 0.46 |
Spyware/RXToolbar | 0.37 |
Spyware/Altnet | 0.35 |
Spyware/BetterInet | 0.29 |
Spyware/Media-motor | 0.26 |
Spyware/SafeSurf | 0.23 |
Spyware/MarketScore | 0.22 |
Spyware/Petro-Line | 0.20 |