Top Ten viruses most frequently detected by Panda ActiveScan in September 2004

For the fourth month running, the Downloader.GK Trojan was the most frequently encountered malicious code

September was, in general, a quiet month in terms of virus activity. None of the new malicious code that appeared caused major incidents. However, the discovery of a new vulnerability -Exploit/MS04-028- has given cause for concern. This security problem, which affects many Microsoft products, means that specially-crafted malicious JPEG files could be used to take action on the computers on which they are run. Because of this, it is likely that new viruses that appear in coming months will try to exploit this vulnerability.

But leaving the future to one side, and although there have been no epidemics, existing viruses have still continued to be the bane of computer users, judging by the data gathered from Panda ActiveScan, the free online scanner. For the fourth month running, the Downloader.GK Trojan has infected more computers than any other malicious code, and was responsible for over 21 percent of infections. Next came Mhtredir.gen (6.64%), a generic detection for a large family of Trojans and the culprit in just under seven percent of positive cases.

In third and fourth place came two well-known worms: Netsky.P (5.78%) and Sasser.ftp (5.53%) – which includes all the Sasser worms that are downloaded to computers via FTP. Gaobot.gen (4.62%), the generic detection of this family of worms, came in fifth place while sixth and seventh place were filled by the Trojans Briss.A (4.01%) and StartPage.FH (3.96%). The end of the ranking included Mabutu.A (3.25%) and the Trojans Qhost.gen (3.19%) and Downloader.JH (2.90%).

Virus % frequency
Trj/Downloader.GK 21.32%
Exploit/Mhtredir.gen 6.64%
W32/Netsky.P.worm 5.78%
W32/Sasser.ftp 5.53%
W32/Gaobot.gen.worm 4.62%
Trj/Briss.A 4.01%
Trj/StartPage.FH 3.96%
W32/Mabutu.A.worm 3.25%
Trj/Qhost.gen 3.19%
Trj/Downloader.JH 2.90%

The following conclusions can be drawn from the data collected by Panda ActiveScan last month:

– Trojans still going strong. The trend of recent months continues with Trojans occupying more than half of the ranking. This is symptomatic of an increase in the activity of cyber-criminals on the Internet using Trojans as tool.

– Software vulnerabilities are once again a threat. Four of the Top Ten use vulnerabilities in commonly used applications to infect computers, which demonstrates how many users still haven’t applied the corresponding patches. This is particularly worrying now with the discovery of Exploit/MS04-028, which affects the viewing of JPEG files and will no doubt be used by numerous malicious code in the future.