Trojans continue to dominate threat detections

By on

Conficker takes top spot.

Trojan downloaders are continuing to dominate malware statistics with exploitations of the autorun.inf and Delphi functions continuing.

ESET statistics show that in August, the Conficker worm was the most widespread threat globally with a share of 8.56 per cent. However it registered a slight decrease of two per cent on average compared with July statistics, while on a country-by-country level this was even more pronounced.

However, the report found that a mixture of threats claimed a stronger global position, predominantly online gaming trojans and exploitations of the autorun.inf function, the second and third most detected threats respectively.

Statistics from Sunbelt Software's SunbeltLabs reported that the password-stealing Trojan threat Trojan-Spy.Win32.Zbot.gen maintained the top spot on the list, but its prevalence increased by 53.7 per cent month-over-month to 7.67 per cent of overall Sunbelt detections, from 4.99 per cent in July.

The second most detected was Trojan.Win32.Generic!BT, a downloader associated with rogue security programs, that did not appear on the list in July yet was the second highest threat with 7.57 per cent of detections.

SunbeltLabs also found that the Win32.induc virus, which was highly publicised in August for propagating itself through Delphi development applications, did not make the list.

Michael St. Neitzel, Sunbelt Software vice president of threat research and technologies, said: “The fact that Zbot is the top detection for the last two months isn't surprising. It's a very versatile piece of malcode that injects code from a remote site to steal information from its victims, including cached passwords, login credentials for websites (chiefly banks) as well as data in certificates and cookies. It has some backdoor functionality and may record keystrokes.

“We first noticed an increased distribution of it in the middle of May when it was distributed through a number of spam campaigns. In one case, the spam email purported to be an airline e-ticket and in others it arrived as either an attachment that claimed to be from United Parcel or an alleged e-payment notification of an order with Amazon.com. We have documented more than 2,700 files related to Trojan-Spy.Win32.Zbot.gen since it was first detected.”

Kaspersky Lab's statistics found that Net-Worm.Win32.Kido.ih and Virus.Win32.Sality.aa are still its top rated threats, but has also detected that the Virus.Win32.Induc.a, that makes use of the Delphi two stage method for creating executable files, is prevalent.

It also claimed that more than half the entries in August's second Top Twenty are new examples of cybercriminals' creativity.

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition
Tags:
attack autorun conficker delphi detections malware security threat trojans worm

Most Read Articles

Human Services casts doubt on Watson

Human Services casts doubt on Watson
Number of homes in NBN limbo balloons

Number of homes in NBN limbo balloons
MyGov gets a makeover

MyGov gets a makeover
Australian SKA telescope finds ancient radio signal

Australian SKA telescope finds ancient radio signal
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report
Data Security vs Human Behaviour
Data Security vs Human Behaviour

Events

Log In

Username:
Password:
|  Forgot your password?