DataBank: ThreatStats - Phishing attacks become more targeted as the number of two-tiered viruses grows

By on

Position Change Name Percentage
in position
1 0 Net-Worm.Win32.Mytob.c 29.01
2 new Email-Worm.Win32.Nyxem.e 16.70
3 -1 Email-Worm.Win32.LovGate.w 8.64
4 +2 Email-Worm.Win32.NetSky.b 5.55
5 -1 4.02
6 +2 Net-Worm.Win32.Mytob.t 2.92
7 +3 Net-Worm.Win32.Mytob.q 2.75
8 -1 Net-Worm.Win32.Mytob.u 2.07
9 +9 Net-Worm.Win32.Mytob.x 1.92
10 -1 Net-Worm.Win32.Mytob.a 1.86

Many contemporary worms reach their peak months after they first appear, and this could be the case with Nyxem.e, which we first saw back in January. Similarly, this month there have been alerts for viruses such as Bagle.fy, which haven't made the top 20, but may yet return in far greater numbers in the coming months. Nyxem.e caused quite a stir when it was first detected, but thankfully the much-hyped February 3 threat never materialised. However, while there is no need to panic about its return, we do recommend that organisations ensure security policies are tight, anti-virus protection is up to date and all executable files are blocked at the gateway. The unexpected revival of Nyxem.e is one of a number of unusual events witnesses during June. The dramatic fall of longtime leaders Netsky.q and Netsky.t is another.

Source: Kaspersky Lab


Looking at the trend over the first half of 2006, despite a recent marginal decline, attacks continue to become more focused as criminals switch their attention from creating malware to phishing.

Source: MessageLabs.

Virus First
Threat Anti-virus Outbreak
Virus Date Level Signature filter
Raised Available lead time
Troj/Cimuz-AM 01/06/2006 20:42 02/06//06 00:42 4:00 hrs
Rechnung- 07/06/2006 18:51 08/06/2006 06:06 11.18 hrs
FeebsDI-Q 08/06/2006 20:28 09/06/2006 18:27 21:59 hrs
Troj/Stinx-W 15/06/2006 23:24 16/06/2006 10:36 11:12 hrs
W32/Bagle-KF 16/06/2006 17:04 16/06/2006 18:38 1:34 hrs
X97_EMBED.AN 16/06/2006 17:32 16/06/2006 17:52 0:20 hrs
W32/Sixem-A 19/06/2006 13:50 19/06/2006 21:12 7:22 hrs
Feebs.AG 21/06/2006 04:25 22/06/2006 22:12 41:48 hrs

Trends show that viruses are two-tiered. The first layer comprises the
security of a PC enough to allow second layer trojans to then fully
exploit the machine to steal data and set it up for botnet activity.
Source: IronPort.

Position Name Percentage
1. Hotmail hoax 12.5%
2 Olympic torch 9.7%
3 Justice for Jamie 5.7%
4 Bonsai kitten 4.9%
5 Meninas da Playboy 3.6%
6 Budweiser frogs screensaver 3.0%
7 Bill Gates fortune 2.7%
8 MSN is closing down 2.4%
9= A virtual card for you 1.7%
9= Mobile phone hoax 1.7%
Others 52.1%

This month, the Hotmail hoax, which warns recipients that their Hotmail
account will be closed if they don't forward the rogue message, has
taken the top spot from the Olympic Torch hoax.
Source: Sophos.


Trojans and exploits made up 22 per cent of all infection, while viruses and worms only accounted for one in ten infected PCs.

Source: Trend Micro


Nearly a third of all greyware infections (28 per cent) were adware. Trackware made up 10 per cent, while browser helpers accounted for 13 per cent. Browser hijackers recorded a paltry one per cent of greyware.

Source: Trend Micro


Naninf dominates chart

The zero-day malware chart is dominated by just two viruses, Backdoor.Naninf.E and, which between them accounted for 90 per cent of all new malware in June.

Source: Blackspider


With image-based spam now comprising up to 15 per cent of all spam mail, new zombie numbers continued their upward trend, rising another 3 per cent in June. China once again accounted for most of the increase.

Source: Cipher Trust

Total zombies for June 2006: 7,796,846

The total number of zombies is up 2.9 per cent from May.

Source: CipherTrust


Our July Top 10 Spyware Threats shows the severe threats reported between 1 and 27 June. The percentage is based on the number of times each threat was found divided by the number of scans run. These threats are classified moderate to severe, based on the method of installation, among other criteria. The majority of these threats propagate through stealth installations or social engineering.

Source: Sunbelt Software

1 DesktopScam A trojan that is downloaded
with rogue security applicatons
in order to frighten the
affected user into purchasing
the rogue program. 3.32
2 Zlob.Media-Codec A trojan that installs rogue
security software on the infected
machine without notice and consent. 1.19
3 Looking-For.Home Home Search Assistant is an IE
browser helper object tha
changes the Search Assistant
user's home page and modifes
search results. It also spawns
pop-ups. 0.98
4 Virtumonde An adware program that displays
pop-up advertisements on the
desktop and also downloads
other software from various
remote servers. 0.95
5 SpywareQuake A purported anti-spyware application
that scans for and removes
spyware from users' computers. 0.86
6 180solutions. Logs the web pages visited and
uploads the data to its servers.
SearchAssistant 0.80
7 Command Service An adware application that opens
pop-ups and displays advertising on
the user's desktop while browsing
web pages. It is installed by a
number of drive-by downloaders,
including IE-Plugin. 0.78
8 FullContext.EQAdvice An advertising program that
displays ads and allows the
installation of other adware. 0.70
9 DollarRevenue An adware program that spawns
pop-up advertising on the desktop
and downloads other adware. 0.69
10 Zango.SearchAssistant Opens new browser windows
showing websites based on the
previous websites visited. 0.68

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?