Spyware, Trojans charge ahead

Johannesburg, 06 Mar 2007

Spyware and Trojans were top of the malware pops last month, with 33% of all infections recorded by Panda SA falling into the former category and 25% into the latter.

Other types of malware were way behind, with worms at 6%, diallers at 5%, backdoor Trojans at 4% and bots at 3%. The remaining 24% was made up of "ordinary" viruses and cookies, says Panda SA MD Jeremy Matthews.

Regarding new examples of malware, 60% of those detected in February were Trojans, 11 points up on January, adds Matthews. "The distribution of the new variants that appeared last month is very significant. This classification indicates where malware creators are heading. The high number of new Trojans confirms cyber-crooks have exclusively financial aims," he warns.

"Spyware is the type of malware causing most infections. Nevertheless, the number of new variants is lower. One of the reasons for this is the way it is distributed. This kind of malware frequently forms part of legitimate programs. Some subcategories, such as adware, are not considered dangerous since they usually only display adverts. That is why spyware remains active on computers for longer, even though there are fewer new variants."

Matthews says Sdbot.ftp was February's most malicious code, followed by Bagle.HX. "Sdbot.ftp is the generic script detection that certain worms exploit to download Sdbot onto a computer. This worm has been the most active malware for more than 12 months.

"Bagle.HX was in 10th position last month. The Bagle family of worms was one of the most active last year. This variant uses rootkit features to hide its processes. It also disables some security solutions' functions. The aim of both characteristics is to make it more difficult to detect," Matthews explains.

Puce.E was in third position, as it was in January. "It is a worm that spreads through P2P networks," Matthews says.

The fourth and fifth positions also correspond to two worms: Brontok.H and Nurech.A. The first spreads by making copies of itself on the affected system. The second is the first variant of a family that was active in February.