Although June has been a quiet month with respect to malicious attacks, there has been a resurgence of new variants of Bagle, a worm renowned for its ability to propagate rapidly via email. This could signify a new attempt by its creators to distribute it on a massive scale among users.
For the twelfth month running, Sdbot.ftp was the malware specimen most frequently detected by the free, online antivirus solution Panda ActiveScan. This is a script used by the Sdbot family of worms to download themselves onto computers via FTP.
Second place in the Top Ten was held by Netsky.P, a worm detected for the first time in March 2004, and which continues to appear in the ranking of the most frequently detected viruses. Netsky.P exploits an Internet Explorer vulnerability in order to spread. Jupillites.G, a Trojan that allows remote attacks on infected computers, was in third place.
Parite.B, a virus that goes back to 2001, was in fourth place. This virus infects files with .exe (executable) and .scr (screensaver) extensions. Next came Lowzones.SE, a Trojan that can steal information and take screenshots on the infected computer.
Tearec.A, an email worm that can terminate processes related with antiviruses and P2P applications, was in sixth place in the ranking. In seventh place came Bagle.pwdzip, the generic detection of new variants of the Bagle family. The ranking was completed by Exploit/Metafile, the detection of a vulnerability in the processing of WMF files in Windows, and the Manshi.G and Gaodrop.A Trojans.
Malware - % frequency
W32/Sdbot.ftp.worm - 1.80
W32/Netsky.P.worm - 0.88
Trj/Jupillites.G - 0.67
W32/Parite.B - 0.52
Trj/Lowzones.SE - 0.49
W32/Tearec.A.worm!CME-24 - 0.48
W32/Bagle.pwdzip - 0.46
Exploit/Metafile - 0.45
Bck/Manshi.G - 0.41
Trj/Gaodrop.A - 0.36
The conclusion from this monthís ranking is that Trojans are still the most widespread malicious code. Exactly half of the malware in the Top Ten were Trojans. Worms, which were widely used until recently, still account for 40 percent of the malware detected.
It is once again evident that there are numerous computers that still do not have anti-malware installed and that also have vulnerabilities which were resolved by developers some time ago. This is apparent from the increasing amount of detections of Netsky.P, which has reached second place in this monthís ranking. This worm spreads and automatically infects computers using a vulnerability in Internet Explorer for which a patch was published more than three years ago. An infected computer is a source of infection for other victims and is easy prey for hackers that launch attacks through these inadequately protected computers. Panda Software advises users to keep their computers up-to-date against new vulnerabilities, downloading the corresponding security patches.
For more information about these and other malicious code, visit Panda Software’s Virus Encyclopedia
Top Ten viruses most frequently detected by Panda ActiveScan in June
.
