ESET, the Bratislava-based security firm behind the Nod32 antivirus suite, said this week that a high percentage of malware detected in August employed some kind of obfuscation technique.

Threats that use obfuscation techniques to hide their malicious function, such as runtime packing, polymorphism and junk code injection, accounted for 7.58 percent of malware detected in August.

According to ESET's ThreatSense.Net, which reports detection statistics from millions of client computers around the world, Win32/Obfuscated, a generic name for malware that hides its true intention, was the number one threat to users.

In second place, accounting for 3.4 percent of malware threats, was Win32/Agent, which includes malware that has Trojan capabilities to connect directly back to a central server or provide a backdoor into the infected machine.

Down from first to third place last month was Win32/TrojanDownloader.Ani.gen, while Win32/Agent.ARK was in fourth place with 2.33 percent of detections.

"This malware connects to a command and control server that seems to be located in Singapore," said Paul Brook, managing director at ESET UK.

"The purpose of Win32/Agent.ARK seems to be to keep control of an infected system so that it can be used to execute commands on the infected host and download additional software.

"Such botnet software is often able to update itself with new components which add new functionality, and which help it to evade detection by signature-based antivirus software."

Copyright © 2009 vnunet.com