Trojans continue to dominate threat detections


Conficker takes top spot.

Trojan downloaders continue to dominate malware statistics, with continued exploitation of the autorun.inf and Delphi functions.

ESET statistics show that in August, the Conficker worm was the most widespread threat globally with a share of 8.56 per cent. However, it registered a slight decrease of two per cent on average compared with July statistics, and on a country-by-country level this was even more pronounced.

However, the report found that a mixture of threats claimed a stronger global position, predominantly online gaming trojans and exploitations of the autorun.inf function, the second and third most detected threats respectively.

Statistics from Sunbelt Software's SunbeltLabs reported that the password-stealing Trojan threat Trojan-Spy.Win32.Zbot.gen maintained the top spot on the list, but its prevalence increased by 53.7 per cent month-over-month to 7.67 per cent of overall Sunbelt detections, from 4.99 per cent in July.

The second most detected was Trojan.Win32.Generic!BT, a downloader associated with rogue security programs, which did not appear on the list in July yet was the second highest threat with 7.57 per cent of detections.

SunbeltLabs also found that the Win32.induc virus, which was highly publicised in August for propagating itself through Delphi development applications, did not make the list.

Michael St. Neitzel, Sunbelt Software vice president of threat research and technologies, said: “The fact that Zbot is the top detection for the last two months isn't surprising. It's a very versatile piece of malcode that injects code from a remote site to steal information from its victims, including cached passwords, login credentials for websites (chiefly banks) as well as data in certificates and cookies. It has some backdoor functionality and may record keystrokes.

“We first noticed an increased distribution of it in the middle of May when it was distributed through a number of spam campaigns. In one case, the spam email purported to be an airline e-ticket and in others it arrived as either an attachment that claimed to be from United Parcel or an alleged e-payment notification of an order with We have documented more than 2,700 files related to Trojan-Spy.Win32.Zbot.gen since it was first detected.”

Kaspersky Lab's statistics found that Net-Worm.Win32.Kido.ih and Virus.Win32.Sality.aa are still its top rated threats, but it has also detected that Virus.Win32.Induc.a, which makes use of the Delphi two-stage method for creating executable files, is prevalent.

It also claimed that more than half the entries in August's second Top Twenty are new examples of cybercriminals' creativity.


Copyright © SC Magazine, US edition
