TMCnet News
Kaspersky Lab: Kaspersky Lab Reports Significant Increase Of In-The-Wild Threats In September 2008 Statistics; Rootkit Program Replaces Trojan As The Most Prolific Malware Detected On Kaspersky Lab Users' Computers(M2 PressWIRE Via Acquire Media NewsEdge) RDATE:03102008 Kaspersky Lab, a leading provider of security solutions that protect against viruses, Trojans, worms, spyware, crimeware, rootkits, phishing, hacker attacks and spam, today revealed that 35,103 different malicious and potentially unwanted programs were detected on users' computers by the Kaspersky Security Network (KSN) during September 2008. This represents an increase of 6,163 on August 2008 statistics and two consecutive months of growth. In Kaspersky Lab's top twenty ranking of malicious programs detected onitsusers' computersduring September 2008 the KSN recorded a change at the top of the chart with the former leader, Trojan.Win32.DNSChanger.ech, leaving the top twenty and being replaced by Rootkit.Win32.Agent.cvx. Kaspersky Lab first detected and added the rootkit to its anti-malware databases on 28th August 2008 and throughout September it actively spread across the Internet. Senior Virus Analyst at Kaspersky Lab, Aleks Gostev states, "Two factors have set the alarm bells ringing. First of all, rootkits are notoriously awkward customers for antivirus software and secondly, very few antivirus programs, as yet, can detect this particular specimen." Gostev comments on other revelations from the top twenty, "A significant amount of the attacks on users' computers stem from various script downloaders. These scripts act as the "trigger" for the majority of "drive-by download" attacks." Such a Trojan downloader - Trojan-Downloader.WMA.Wimad.n - returned to the ranking in second place in September. This multimedia file exploits a vulnerability in Windows Media Player to download various Trojans. Interestingly, not only have all the AdWare programs from last month - not-a-virus:AdWare.Win32.BHO.ca; not-a-virus:AdWare.Win32.BHO.sc and not-a-virus:AdWare.Win32.BHO.vp- remained in the top twenty, they have consolidated their positions (9th, 11th, 13th and 14th positions). In Kaspersky Lab's top twenty ranking of the most common malicious programs among all infected objects detectedon users' computers the changes were minimal compared to August with only four new entries (3rd, 5th, 15th and 20th), however the majority of the programs have file-infection capabilities. Net-Worm.Win32.Nimda,which unexpectedly claimed first place in August2008, has been replaced by Virus.Win32.Xorer.duat the top of the ranking. During September several programs and variants have strengthened their position in this ranking. Notably another member of the Sality family enter therankingin 5th position - Virus.Win32.Sality.aa-bringing their number to four.The worm - Worm.Win32.Mabezat.b- has become another programto be reckoned with. It initially showed no significant activity after being detected by Kaspersky Lab in November 2007, as it probably went about gradually increasing the number of infected machines and files. Now it has entered the ranking at third place. Gostev concludes, "Overall, it has to be said that the state of virus and worm activity is rather stable and shows no signs of getting worse. According to KSN data, a number of malicious programs that infect files have been significantly curtailed over the last three months, which is borne out in the examples of the Allaple and Otwycal families falling off of our ranking." September 2008: Malicious programs detected by Kaspersky Lab on users' computers 1 New Rootkit.Win32.Agent.cvx 2 Return Trojan-Downloader.WMA.Wimad.n 3 New Packed.Win32.Black.a 4 +8 Trojan.Win32.Agent.abt 5 New Trojan-Downloader.HTML.Iframe.sz 6 New Trojan-Downloader.Win32.VB.eql 7 New Trojan-Downloader.JS.IstBar.cx 8 +1 Trojan.Win32.Agent.tfc 9 +1 not-a-virus:AdWare.Win32.BHO.ca 10 New Trojan-Downloader.Win32.Small.aacq 11 - not-a-virus:AdWare.Win32.Agent.cp 12 New Trojan.Win32.Obfuscated.gen 13 +1 not-a-virus:AdWare.Win32.BHO.sc 14 +1 not-a-virus:AdWare.Win32.BHO.vp 15 +3 Trojan.Win32.Chifrax.a 16 -3 Trojan-Dropper.Win32.Agent.tbd 17 +2 Trojan.RAR.Qfavorites.a 18 New Email-Worm.Win32.Brontok.q 19 New Trojan-Downloader.JS.Agent.cme 20 -12 Trojan-Downloader.JS.Agent.chk objects detected 1 +1 Virus.Win32.Xorer.du 2 -1 Net-Worm.Win32.Nimda 3 New Worm.Win32.Mabezat.b 4 +2 Virus.Win32.Alman.b 5 New Virus.Win32.Sality.aa 6 -3 Virus.Win32.Parite.b 7 -3 Virus.Win32.Virut.n 8 +7 Virus.Win32.Small.l 9 +5 Virus.Win32.Virut.q 10 -5 Virus.Win32.Parite.a 11 -3 Email-Worm.Win32.Runouce.b 12 Return Virus.Win32.Sality.s 13 +3 Virus.Win32.Hidrag.a 14 Return Virus.Win32.Sality.z 15 New Trojan.Win32.Obfuscated.gen 16 -7 Worm.Win32.Fujack.k 17 +3 Virus.Win32.Tenga.a 18 -7 Trojan-Downloader.WMA.GetCodec.d 19 -9 Worm.VBS.Headtail.a 20 New Virus.Win32.Sality.q For further information regarding the malware statistics for September 2008 please visit: http://www.kaspersky.co.uk/news?id=207575685. About Kaspersky Lab Kaspersky Lab delivers the world's most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and the industry's fastest outbreak response time for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky technology is also used worldwide inside the products and services of the industry's leading IT security solution providers. CONTACT: Graham Thatcher, MCC International Ltd Tel: +44 (0)1962 888 100 e-mail: [email protected] Simon Hewitt / Fiona Brewer, MCC International Ltd Tel: +44 (0)1962 888 100 e-mail: [email protected] WWW: http://www.mccint.com Kerstin Reiners, Kaspersky Lab UK & Ireland Tel: +44 (0)871 789 1634 e-mail: [email protected] WWW: http://www.kaspersky.co.uk WWW: http://www.viruslist.com ((M2 Communications Ltd disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to [email protected])). Copyright ? 2008 M2 Communications Ltd. |