Trojans continue to dominate threat detections

By on

Conficker takes top spot.

Trojan downloaders are continuing to dominate malware statistics with exploitations of the autorun.inf and Delphi functions continuing.

ESET statistics show that in August, the Conficker worm was the most widespread threat globally with a share of 8.56 per cent. However it registered a slight decrease of two per cent on average compared with July statistics, while on a country-by-country level this was even more pronounced.

However, the report found that a mixture of threats claimed a stronger global position, predominantly online gaming trojans and exploitations of the autorun.inf function, the second and third most detected threats respectively.

Statistics from Sunbelt Software's SunbeltLabs reported that the password-stealing Trojan threat Trojan-Spy.Win32.Zbot.gen maintained the top spot on the list, but its prevalence increased by 53.7 per cent month-over-month to 7.67 per cent of overall Sunbelt detections, from 4.99 per cent in July.

The second most detected was Trojan.Win32.Generic!BT, a downloader associated with rogue security programs, that did not appear on the list in July yet was the second highest threat with 7.57 per cent of detections.

SunbeltLabs also found that the Win32.induc virus, which was highly publicised in August for propagating itself through Delphi development applications, did not make the list.

Michael St. Neitzel, Sunbelt Software vice president of threat research and technologies, said: “The fact that Zbot is the top detection for the last two months isn't surprising. It's a very versatile piece of malcode that injects code from a remote site to steal information from its victims, including cached passwords, login credentials for websites (chiefly banks) as well as data in certificates and cookies. It has some backdoor functionality and may record keystrokes.

“We first noticed an increased distribution of it in the middle of May when it was distributed through a number of spam campaigns. In one case, the spam email purported to be an airline e-ticket and in others it arrived as either an attachment that claimed to be from United Parcel or an alleged e-payment notification of an order with Amazon.com. We have documented more than 2,700 files related to Trojan-Spy.Win32.Zbot.gen since it was first detected.”

Kaspersky Lab's statistics found that Net-Worm.Win32.Kido.ih and Virus.Win32.Sality.aa are still its top rated threats, but has also detected that the Virus.Win32.Induc.a, that makes use of the Delphi two stage method for creating executable files, is prevalent.

It also claimed that more than half the entries in August's second Top Twenty are new examples of cybercriminals' creativity.

See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
attack autorun conficker delphi detections malware security threat trojans worm

Most Read Articles

Inside NEXTDC's new Sydney data centre, S2

Inside NEXTDC's new Sydney data centre, S2
'Natural radiation event' knocks NBN Sky Muster satellite offline

'Natural radiation event' knocks NBN Sky Muster satellite offline
'Massive messaging storm' takes out Telstra's DNS infrastructure

'Massive messaging storm' takes out Telstra's DNS infrastructure
Telstra sells Clayton data centre complex for $416m

Telstra sells Clayton data centre complex for $416m
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency
Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage

Events

Log In

Username / Email:
Password:
  |  Forgot your password?