Top Ten viruses most frequently detected by Panda ActiveScan in January 2005

Although the Bagle.BL worm appeared last month and caused incidents in users’ computers worldwide, January can be classified as a relatively quiet month in terms of computer virus activity. However, in spite of this apparent calm, a large amount of Trojan activity was registered, especially those related to spyware.

January’s Top Ten, based on data gathered by the free, online antivirus Panda ActiveScan, reveals that the Downloader.GK Trojan was -for the eighth month running- the malicious code that has launched the most attacks on user computers. To be more precise, it was detected in over 8% of computers.

Second place in the ranking is taken by Sdbot.fpt, the generic detection for the script created by the Sdbot family of worms in the computers they infect. This malicious code is followed by Mhtredir.gen, a generic detection for a group of Trojans that allow a remote attacker to run code on computers.

The veteran Netsky.P worm ranks fourth, and fifth place is taken by the Shinwow.E Trojan, capable of preventing the computer from working correctly and of modifying the start page of Internet Explorer.

Two Trojans HideProc.B and WmvDownloader.A come in sixth and seventh place in this edition of the Top Ten. The second of these Trojans has attracted quite a lot of attention, as it uses Windows Media Player DRM technology to install spyware on computers. These are followed by Qhost.gen, a generic detection of a modification of the Windows HOSTS file.

Gaobot.gen, the generic detection for a family of worms that steal confidential data, ranks ninth, followed by Sasser.ftp, the script created by some worms in the Sasser family in the computers they attack.

Virus % frequency
Trj/Downloader.GK 8.49%
W32/Sdbot.ftp 5.66%
Exploit/Mhtredir.gen 5.24%
W32/Netsky.P.worm 4.10%
Trj/Shinwow.E 3.70%
Trj/HideProc.B 3.39%
Trj/WmvDownloader.A 2.46%
Trj/Qhost.gen 2.45%
W32/Gaobot.gen.worm 2.44%
W32/Sasser.ftp 2.37%

The following conclusions can be drawn from the data collected by Panda ActiveScan in January:

– Trojans are still extremely active. Continuing the trend that started a few months ago, this type of malicious code -widely used to commit all types of cyber-crimes- still occupies the majority of places in the ranking.

– Spyware: a growing threat. Four of the six Trojans that appear in the Top Ten ranking download and install spyware. These programs collect data, such as the user’s browsing habits, and then sell them to dubious marketing companies.

– Many users still haven’t updated their computers. Half of the malicious code in the Top Ten exploit software vulnerabilities to spread and infect computers. It is important to stress that these are vulnerabilities that were resolved sometime ago, showing that there are still many users that have not updated their computers. This helps malicious code like Netsky.P, which exploits the IFrame vulnerability in Microsoft Internet Explorer fixed years ago, to continue infecting computers.

Don't miss