Sdbot.ftp.worm tops Panda ActiveScanstats for October

The recent trend with respect to virus threats has not changed significantly in October. Massive epidemics, as we have seen month after month, have seemingly disappeared. However, the great problem now is the sheer number of threats in circulation.

PandaLabs, using data generated by the ActiveScan free online scanner, has drawn up the ranking of the malicious code most frequently detected in October. Several examples of malware standout in particular. Sdbot.ftp (the script used by the Sdbot family of worms to download themselves via FTP) once again occupied first place, as it has done throughout 2006. Sdbot worms exploit vulnerabilities in Windows, such as RPC-DCOM, LSASS, etc, in order to infect computers. The fact that this code still tops the ranking indicates how many users are still not updating their systems.

Virus name      % frequency       
W32/Sdbot.ftp.worm      2.08
Trj/Torpig.A    1.74 
Trj/Abwiz.A     1.18 
W32/Netsky.P.worm       0.96
W32/Puce.E.worm 0.85    8
Trj/Jupillites.G        0.80 
Tr j/Mitglieder.JB      0.79 
Trj/Ruins.A     0.78  
Trj/Qhost.gen   0.73
Trj/Banker.EXW  0.68

In second place, two places higher than last month, came the Torpig.A Trojan, responsible for 1.74% of infections. This Trojan, although seemingly inoffensive, can actually carry out attacks and intrusions. The great danger of Torpig.A is that it captures certain information entered or saved by the user, with the corresponding threat to user privacy. This includes passwords saved by certain Windows services.

The appearance of Abwiz.A in third place in the list is also concerning, as this Trojan can be used to steal passwords stored on the system. In order to go undetected by even the most experienced users, Abwiz.A has a built-in system for hiding itself on computers.

After the veteran Netsky.P in fourth place (which exploits and Internet Explorer vulnerability to run automatically), there is another code which is creeping up the ranking. Puce.E.worm which was in eighth position last month has a series of characteristics that make it particularly dangerous: it prevents programs from accessing websites of several security related companies; it redirects attempts to access certain banks’ web pages to imitation pages in order to capture user login information and it re-routes connections to several web pages to another IP address.

The final five positions in the ranking are occupied by the Trojans Jupillites.G, Mitglieder.JB, Ruins.A, Qhost.gen and Banker.EXW.  All of these examples of malware allow an attacker to surreptitiously enter infected computers and carry out numerous actions, most notably, using the system fraudulently for sending spam. They can also be used for other illegal and dangerous activity including launching attacks against companies and stealing confidential information using the affected computer as a cover.

Don't miss