August has witnessed the same trend observed over the last few months with regard to computer threats. The current apparent calm in malware activity is simply due to a new strategy from malware creators, who are now trying to avoid massive epidemics that draw the attention of users and the media, while simultaneously launching a large amount of new malicious code. This aims at infecting as many computers as possible without raising suspicion, with malware that can be used to commit cyber-crime and return healthy profits.
A revealing example of this new malware dynamic is the controversial MS06-040 vulnerability, which constitutes the typical security problem exploited by worms causing large-scale epidemics. Some time ago, the public appearance of a threat that could exploit such a flaw would have been almost immediate. However, things are different now. Every day, examples of malware are detected that take advantage of this flaw, but they have been designed to act discreetly.
As for the malicious code most frequently detected in August, according to the Panda ActiveScan free online antivirus scanner, the most commonly detected malware was once again Sdbot.ftp, a script used by the Sdbot family of worms to download themselves to computers via FTP. Second place was taken by Jupillites.G, while in third came the old-timer Netsky.P, a worm that exploits a vulnerability in Internet Explorer to run itself automatically when reaching a computer.
In fourth was the Sinowal.BV Trojan, followed by Bagle.pwdzip, which comprises several variants of the Bagle worm that spread via email in a password-protected ZIP file.
W32/Parite.B (a polymorphic virus that infects executable files with an EXE extension, and SCR files, screensavers) and the Downloader.IOL Trojan, designed to download other files onto the target system, were sixth and seventh in the ranking, respectively.
Last in the ranking were Exploit/Metafile, Ailis.A.worm (a worm that replicates by creating copies of itself, without infecting other files, to saturate computers and networks, preventing users from working) and Qhost.gen (a generic detection of a modification to the HOSTS file).
Malware                 % frequency
W32/Sdbot.ftp.worm      1.88
Trj/Jupillites.G        0.87
W32/Netsky.P.worm       0.78
Trj/Sinowal.BV          0.60
W32/Bagle.pwdzip        0.56
W32/Parite.B            0.55
Trj/Downloader.IOL      0.52
Exploit/Metafile        0.50
W32/Ailis.A.worm        0.48
Trj/Qhost.gen           0.44
The conclusion to be drawn from this month's Top Ten ranking is the prevalence of malicious code designed to commit cyber-crime in order to obtain economic benefit, like bots, Trojans and exploits. Finally, the ongoing presence of Netsky.P, which takes advantage of a vulnerability discovered five years ago, indicates that there are numerous computers that have not been updated and which could therefore become a breeding ground for the distribution of all types of Internet threats.