contents

software
 
Adware and Trojans Caused Most Infections in April

Adware, responsible for 27 percent of infections, was the most active category of malware in April. Trojans, at 25 percent, were the other category to have caused a high number of incidents. Adware tracks users' Internet activity (pages visited, words searched…) and uses this to display personalized ads.

"Adware is easy to distribute, as it is generally disguised as a legitimate tool. Users are very often unaware of the risk that these malicious codes pose to their privacy, and are therefore slow to remove them. For this reason they are widely distributed and used by cyber-crooks", explains Luis Corrons, Technical Director of PandaLabs.

Trojans are another major threat at the moment. The number of infections caused by the type of malware has increased steadily over the last few months. In fact, over the first quarter of 2007, Trojans were the most active category of malware.

"There are two main reasons for this. Firstly, Trojans are the best tool for stealing confidential data (bank details, email accounts to spam, …) which can then be turned easily into profit. It is also a more discreet way of stealing this data than other techniques such as phishing", adds Corrons.

The rest of the infections recorded were caused by a wide variety of malware types: worms (8%), backdoor Trojans (5%), dialers (4%) spyware (3%), bots (3%) and others.

The most significant news this month is that Sdbot.ftp is no longer the most commonly detected specific example of malware. After more than a year at the top, this month Sdbot.ftp has dropped down to fifth place.

In fact, there are six new entries in the list of the threats most frequently detected by ActiveScan, and these include the three most virulent examples in April. The first of these is Instadia. This is a cookie installed on computers from certain web pages. As is often the case with this type of software, it is not malicious in itself, but can be used maliciously by other code.

Malware - Previous position
1. Cookie/Instadia - New
2. Trj/KillAV.FW - New
3. JS/Downloader.NOE - New
4. W32/Brontok.H.worm - 3 - down
5. W32/Sdbot.ftp.worm - 1 - down
6. W32/Puce.E.worm - 5 - down
7. Trj/Clicker.ZJ - New
8. Trj/Agent.DIL - New
9. Trj/KillAV.FG - 9 - =
10. Adware/Spylocked - New.

The second most active malicious code last month was KillAV.FW. This is a Trojan designed to steal confidential information from computers. Downloader.NOE, which has similar functions, was third on the list.

In fourth place came Brontok.H, a worm which has been high up in the ranking for some months now. Sdbot.ftp, as mentioned above, was in fifth place.

In sixth place was Puce.E, another regular in the ranking. This worm uses P2P networks in order to spread. The Clicker.ZL Trojan was in seventh place.

In eighth and ninth place came Agent.DIL and KillAV.FG respectively: The first of these is designed to aid intrusions on infected computers. The second is a Trojan that prevents several security solutions from working correctly and connects to a server to allow the infected computer to be controlled remotely. This Trojan belongs to the same family as KillAV.FW.

Last in the list is Spylocked. This is adware that passes itself off as a security tool, supposedly detecting malware on computers. The aim is to get users to buy the product as protection. If they do buy it, the product ceases to detect malicious code. This malware has used other names such as SpywareQuake or VirusBurst.

"Once a program like this starts to become known among users, the creators simply change its name to prevent users recognizing it as malicious software", says Corrons.



write your comments about the article :: © 2007 Computing News :: home page