31% of Threats Detected in the First Quarter of 2007 Were Trojans

Trojans were responsible for more infections than any other malware during the first quarter of 2007. They accounted for 31 percent of all threats detected by ActiveScan, the free online solution from Panda Software.

"In 2006, spyware was the most widely-distributed malware. However, during the final months of last year, Trojans increased significantly. This trend has been confirmed in the first three months of this year and Trojans are now the most damaging malware", explains Luis Corrons, Technical Director of PandaLabs.

Adware, responsible for 28 percent of infections, was the second most active category of malware in the first quarter.

"It is no surprise that Trojans and adware are the most widely-distributed categories, as they are both easy to profit from, which is now the main aim of malware creators. Both are designed to compile information about users, which cyber-crooks can rapidly convert into cash", claims Corrons.

Other less relevant categories during the first quarter were worms (8%), dialers (5%) and spyware (3%).

Despite the dominance of Trojans, the most active specific example of malware was the Sdbot.ftp worm. This is a script created by several members of the Sdbot family to download themselves onto computers. After this came Puce.E, a worm that uses P2P networks to spread.

Technical name of the virus - % frequency
- W32/Sdbot.ftp.worm - 1.95;
- W32/Puce.E.worm - 1.3;
- Trj/Torpig.A - 1.23;
- W32/Brontok.H.worm - 1.21;
- Trj/Abwiz.A - 1.14;
- W32/Bagle.HX.worm - 1.13;
- Bck/PcClient.DU - 1.01;
- W32/Netsky.P.worm - 0.95;
- Trj/QQPass.JZ - 0.94;
- Trj/KillAV.FG - 0.74.

Third on the list was Torpig.A, a Trojan that steals confidential user data, such as passwords stored on specific Windows services.

In fourth was the Brontok.H worm followed by Abwiz.A, a Trojan designed to steal passwords stored on the system. Bagle.HX, a representative of the dangerous Bagle family was in sixth position. This variant has rootkit features to hide its processes and it disables some security solutions' functions. The aim in both cases is to make it more difficult to detect.

PcClient.DU came seventh. This backdoor Trojan opens a port in the targeted computer so that a remote attacker can control it.

In eighth place was Netsky.P, a Trojan that exploits several vulnerabilities in Internet Explorer to spread. QQpass.JZ, a Trojan that steals confidential data was in the ninth place.

Last on the list was KillAV.FG, a Trojan that ends several processes on the compromised computer, security tool processes among them.

write your comments about the article :: 2007 Computing News :: home page