Top 10 Viruses Most Frequently Detected by Panda ActiveScan in November 2004

November has been an erratic month in terms of virus activity. Although in general it has been relatively quiet, there has been some cause for concern, such as the appearance of Sober.I and the Tasin family of worms. However, Downloader.GK was once again the most active malicious code.

According to November’s Top Ten, based on the data gathered by Panda ActiveScan, the free online scanner, the Downloader.GK Trojan was, for the sixth month running, the malicious code responsible for most attacks. A long way off in second place came Mhtredir.gen, the generic detection for a family of Trojans that allows attacks to take malicious action on affected systems.

Netsky.P, first detected in March of this year and which exploits an old vulnerability in Microsoft Internet Explorer, and Mabutu.A, the email worm that acts as a backdoor Trojan, were third and fourth respectively in the Top Ten.

In fifth place came Citifraud.A, a Trojan detected for the first time at the beginning of November and designed to carry out phishing attacks. As with most Trojans, and despite the fact that there has not been an epidemic as such, its activity has been intense.

Sasser.ftp, a script created by the Sasser worms to install themselves on computers via FTP, and Gaobot.gen, the generic detection for a family of worms that steal confidential data from the systems that it affects were in sixth and seventh place respectively in the ranking.

StartPage.FH -a Trojan designed to install malware on the computers it affects-, and the Bagle.BC worm were eighth and ninth in the list. Finally, Qhost.gen, a generic detection for the modifications made to the HOSTS file by various Trojans, closes this edition of the Top Ten.

Virus % frequency
Trj/Downloader.GK 19.47%
Exploit/Mhtredir.gen 6.86%
W32/Netsky.P.worm 4.70%
W32/Mabutu.A.worm 4.62%
Trj/Citifraud.A 4.34%
W32/Sasser.ftp 3.54%
W32/Gaobot.gen.worm 3.27%
Trj/StartPage.FH 3.05%
W32/Bagle.BC.worm 2.98%
Trj/Qhost.gen 2.93%

The following conclusions can be drawn from the data collected by Panda ActiveScan in November:

– Use of malicious code for financial gain. Of the ten viruses in the ranking, seven could be used directly or indirectly for financial gain. This could be through selling personal data, phishing-type fraud, stealing of confidential data, or by taking remote control of users’ computers.

– Significant activity of Trojans and worm/Trojans. In relation with the previous point, in November the trend that started some months ago has continued, with the prevalence of Trojans or worm/Trojans such as Mabutu.A. Both these types of malware are widely used to carry out frauds by cyber-crooks.

– Software vulnerabilities still represent a major threat. Five of the malicious code in this month’s Top Ten use vulnerabilities in software installed on computers in order to carry out their malicious action. Nevertheless, the fact that none of them have been discovered recently and that there has been plenty of time to apply the patches needed to fix them, indicates that there are many users who are not updating their systems frequently enough. This is why software vulnerabilities continue to be a serious threat as they allow the propagation of a wide variety of malicious code, regardless of whether the flaw has recently been discovered or has been known for some time.

Don't miss