 |
|
| FREE NEWS SERVICES • Newsletters • RSS feeds • Alerts |
CAREERWEB • Register • Post your CV • Find your job |
BRAINSTORM
• Subscribe • Read online |
iWEEK • Subscribe • Read online • Get into iWeek |
IT TRAINING • TrainingWeb ITWEB EVENTS • Events Calendar |
FEEDBACK
• Post your feedback • Send us a news tip |
 |
 |
|
Sponsor's
Message
6 March 2007
Spyware, Trojans charge ahead
BY
STAFF WRITER
, ITWEB
[
Johannesburg, 6 March 2007
] -
Spyware and Trojans were top of the malware pops last month, with 33% of all infections recorded by Panda SA
falling into the former category and 25% into the latter.
Other types of malware were way behind, with worms at 6%, diallers at 5%, backdoor Trojans at 4% and bots at 3%. The remaining 24% was made up of “ordinary” viruses and cookies, says Panda SA MD Jeremy Matthews.
Regarding new examples of malware, 60% of those detected in February were Trojans, 11 points up on January, adds Matthews. “The distribution of the new variants that appeared last month is very significant. This classification indicates where malware creators are heading. The high number of new Trojans confirms cyber-crooks have exclusively financial aims,” he warns.
“Spyware is the type of malware causing most infections. Nevertheless, the number of new variants is lower.
One of the reasons for this is the way it is distributed. This kind of malware frequently forms part of legitimate
programs. Some subcategories, such as adware, are not considered dangerous since they usually only display adverts.
That is why spyware remains active on computers for longer, even though there are fewer new variants.”
Matthews says Sdbot.ftp was February's most malicious code, followed by Bagle.HX. “Sdbot.ftp is the generic script detection that certain worms exploit to download Sdbot onto a computer. This worm has been the most active malware for more than 12 months.
“Bagle.HX was in 10th position last month. The Bagle family of worms was one of the most active last year. This variant uses rootkit features to hide its processes. It also disables some security solutions' functions. The aim of both characteristics is to make it more difficult to detect,” Matthews explains.
Puce.E was in third position, as it was in January. “It is a worm that spreads through P2P networks,” Matthews says.
The fourth and fifth positions also correspond to two worms: Brontok.H and Nurech.A. The first spreads by making copies of itself on the affected system. The second is the first variant of a family that was active in February.
Related stories:
USB worm on the rise
Protect yourself from bandwidth theft
How safe do you feel?
Proactive malware response needed
Other types of malware were way behind, with worms at 6%, diallers at 5%, backdoor Trojans at 4% and bots at 3%. The remaining 24% was made up of “ordinary” viruses and cookies, says Panda SA MD Jeremy Matthews.
Regarding new examples of malware, 60% of those detected in February were Trojans, 11 points up on January, adds Matthews. “The distribution of the new variants that appeared last month is very significant. This classification indicates where malware creators are heading. The high number of new Trojans confirms cyber-crooks have exclusively financial aims,” he warns.
| Panda’s malware hit parade for February | ||
| Viruses | Infection % | Previous position |
|
W32/Sdbot.ftp.worm |
1.65 |
1 = |
|
W32/Bagle.HX.worm |
1.39 |
10 up |
| W32/Puce.E.worm |
1.16 |
3 = |
| W32/Brontok.H.worm |
1.15 |
6 up |
| W32/Nurech.A.worm |
1.14 |
New |
|
Trj/Abwiz.A |
1.05 |
4 down |
| Bck/PcClient.DU |
0.88 |
5 down |
|
Trj/Torpig.A |
0.86 |
2 down |
|
W32/Netsky.P.worm |
0.84 |
8 down |
|
Trj/Rizalof.TT |
0.84 | New |
Matthews says Sdbot.ftp was February's most malicious code, followed by Bagle.HX. “Sdbot.ftp is the generic script detection that certain worms exploit to download Sdbot onto a computer. This worm has been the most active malware for more than 12 months.
“Bagle.HX was in 10th position last month. The Bagle family of worms was one of the most active last year. This variant uses rootkit features to hide its processes. It also disables some security solutions' functions. The aim of both characteristics is to make it more difficult to detect,” Matthews explains.
Puce.E was in third position, as it was in January. “It is a worm that spreads through P2P networks,” Matthews says.
The fourth and fifth positions also correspond to two worms: Brontok.H and Nurech.A. The first spreads by making copies of itself on the affected system. The second is the first variant of a family that was active in February.
Related stories:
USB worm on the rise
Protect yourself from bandwidth theft
How safe do you feel?
Proactive malware response needed
|
Hear
from Mervyn King and others, including five leading SA corporates
explaining best practices and legal requirements as prescribed in
King III and other frameworks. Plus, attend a practical one-day
workshop.
 |
|
Copyright (c) 1996 - 2010 ITWeb Limited. All rights reserved. Would you like to see your news here? Contact us for more details at itnews@itweb.co.za |
|||||||||||
|
