(1888PressRelease)
May 10, 2009 - Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout April 2009.
The first Top Twenty is based on data collected by Kaspersky Lab’s version 2009 antivirus product. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.
Position Change in position Name
1 0 Net-Worm.Win32.Kido.ih
2 0 Virus.Win32.Sality.aa
3 6 Trojan-Dropper.Win32.Flystud.ko
4 Return Trojan.Win32.Chifrax.a
5 -2 Trojan.Win32.Autoit.ci
6 -2 Trojan-Downloader.Win32.VB.eql
7 0 Packed.Win32.Krap.b
8 -2 Worm.Win32.AutoRun.dui
9 New Exploit.HTML.CodeBaseExec
10 -2 Packed.Win32.Black.a
11 -1 Virus.Win32.Sality.z
12 New Virus.Win32.Virut.ce
13 New Trojan.JS.Agent.xy
14 -3 Worm.Win32.Mabezat.b
15 -3 Virus.Win32.Alman.b
16 -11 Packed.Win32.Krap.g
17 Return Packed.Win32.Klone.bj
18 -5 Worm.Win32.AutoIt.ar
19 New Exploit.JS.Agent.agc
20 -5 Email-Worm.Win32.Brontok.q
Making an impression this month were two newcomers, Virus.Win32.Virut.ce and Exploit.HTML.CodeBaseExec.
Virut.ce entered near the top of our second ranking in February and now looks set to dominate the first ranking as well. New versions of the virus are appearing every day, which suggests that cybercriminals are monitoring how and when the malware is detected by antivirus programs and trying to increase the size of the botnet made up of infected machines. The epidemic caused by this virus is gaining momentum and May could well see Virut.ce moving several places up the rankings.
The second newcomer is a little piece of malware history – the first version of this program was detected by Kaspersky Lab way back in 2004. It featured regularly in our malware rankings in 2006, but is now flagged as a newcomer because the format and methods used to compile our Top Twenty rankings have changed. The malware exploits a simple vulnerability in versions 5.01, 5.5 and 6.0 of Internet Explorer. It seems that the cybercriminals are hoping that there will still be a significant number of people who have not installed the relevant security updates or who still use older versions of Internet Explorer.
Trojan.Win32.Chifrax.a dropped out of our ranking last October but has now returned and gone straight in at number four. This Trojan, like RaMag.a, is a modified WinRAR archive, which in this instance is a self-extracting archive.
The April ranking includes two script downloaders – Trojan.JS.Agent.xy and Exploit.JS.Agent.agc – that are perfect examples of the type of programs used in drive-by downloads, a topic we recently published a paper on (http://www.viruslist.com/en/viruses/analysis?pubid=204792056).
All malicious, advertising and potentially unwanted programs in the first Top Twenty can be grouped according to the main classes of threat which we detect. In the past few months, the changes in the balance between these classes have not exceeded 5%.
TrojWare – 25%
VirWare – 45%
MalWare – 30%
A total of 45190 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers in April. This figure is almost exactly the same as last month’s.
The second Top Twenty presents data on which malicious programs most commonly infected objects detected on users’ computers. Malicious programs capable of infecting files make up the majority of this ranking.
Position Change in position Name
1 0 Virus.Win32.Sality.aa
2 0 Worm.Win32.Mabezat.b
3 0 Virus.Win32.Virut.ce
4 0 Net-Worm.Win32.Nimda
5 0 Virus.Win32.Xorer.du
6 0 Virus.Win32.Sality.z
7 1 Virus.Win32.Parite.b
8 1 Virus.Win32.Virut.q
9 -2 Virus.Win32.Alman.b
10 1 Virus.Win32.Small.l
11 1 Email-Worm.Win32.Runouce.b
12 1 Net-Worm.Win32.Kido.ih
13 -3 Trojan-Downloader.HTML.Agent.ml
14 0 Virus.Win32.Virut.n
15 0 Virus.Win32.Parite.a
16 0 Virus.Win32.Hidrag.a
17 3 Worm.Win32.Fujack.k
18 0 P2P-Worm.Win32.Bacteraloh.h
19 -2 Trojan-Clicker.HTML.IFrame.acy
20 New Virus.Win32.Virut.av
There was little change to the second Top Twenty ranking in April. The only real activity of note was the appearance of another Virus modification in the ranking – Virus.Win32.Virut.av. This virus was first detected by Kaspersky Lab in 2007 and is still active. It means the Virut family claims four places in this Top Twenty, which amounts to 20% of the self- Nreplicating programs in our second ranking.
About Kaspersky Lab
Kaspersky Lab delivers the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and the industry’s fastest outbreak response time for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com
PR Contact:
ICPAR
A Division of Planman Marcom Pvt. Ltd.
Pankti Ashar
Creative Head - Client Servicing & research
+91 9920906074
Poonam More
Consultant – Business development & client Servicing
+91 9324328522
###
