Spyware still running rampant

By Leon Engelbrecht, ITWeb senior writer
Johannesburg, 05 Apr 2007

Spyware and Trojans remain at the top of Panda Software's threat list for March.

MD Jeremy Matthews says spyware accounted for 31% of all infections detected last month.

Panda's top 10:

* The malware that caused the most infections in March was Sdbot.ftp, the generic detection of the script created by the members of the Sdbot family of worms to perform downloads. This malicious code has been at the top of the most active malware list for over a year.
* Lozyt.A has risen rapidly in the list. This malware appeared only a month ago but is already the second most virulent code. The Trojan ends processes belonging to several security tools. In this way, it exposes the target system to new threats. It then connects to the server and downloads the ErrorSafe adware.
* Brontok.H occupies third place. This worm spreads by copying itself to the affected system. In fourth place comes the Clicker.ZJ Trojan, which allows attackers to enter infected computers. This is one of the new codes on this month's list.
* Puce.E dropped from third place to fifth in March. This worm uses P2P networks to spread. Bagle.HX, in sixth place, is a member of the Bagle family of worms that tries to evade detection by using rootkit features to end processes belonging to several security solutions.
* SpyDawn is in seventh place and is a new addition to the list. The false anti-spyware program installs on the system without the user knowing.
* PcClient.DU is eighth. This backdoor Trojan opens a port in the target computer so that a remote attacker can control it.
* The last two places are occupied by codes that make their debut in the list. KillAV.FG is a Trojan that prevents several security solutions from operating correctly and connects to a server to allow the infected computer to be controlled remotely. The Downloader.NBT Trojan reduces the computer security level by changing the Internet Explorer security settings.

Symantec Africa confirmed the trend. Premlan Padayachi, SA consumer country manager, says he is "definitely seeing an increase in spyware, adware and malware".

Matthews says spy programs compile information about people's Internet activity for various purposes, including seemingly innocuous usages such as providing targeting data for personalised adverts. "Spyware accounts for so many infections largely due to the way it spreads.

"Lately, we have witnessed a big increase in the number of exploits that use Web pages to install adware. Users do not even have to agree to the terms and conditions for installation of the malicious code, as before," he cautions. "Also, since users have not installed these codes knowingly, it is more difficult to detect them, and they remain on computers for longer."

Padayachi adds that consumers should be aware of programs that flash ads in the user interface. "Many spyware programs track how users respond to these ads, and their presence is a red flag. When users see ads in a program's user interface, they may be looking at a piece of spyware," he says.

Trojans were the second most frequent malware type in March (25% of all infections). Spyware and Trojans are the most widespread malware because they are the most widely used for financial gain, cyber-crooks' main objective. Six percent of infections in March were caused by Trojans, and 5% by diallers. Backdoor Trojans and bots were the culprits in 4% of cases, Matthews says.

As with previous months, a large number of infections fall into the "other" category. "This is just another example of how inaccurate it is to call all malicious code viruses, as malware is nowadays more diverse than ever. This category includes viruses as such, but also jokes, hacking tools and cookies," explains Matthews.

As for the most active malware, there have been a large number of new additions to the list.

In addition, Padayachi says, Symantec documented 12 zero-day vulnerabilities during the second half of 2006.

"This marked a significant increase from the one zero-day vulnerability documented in the first half of 2006, increasing the exposure of consumers and businesses to unknown threats."
