Sdbot.ftp worm once again rules the malware charts

The PandaLabs monthly ranking of the most prevalent malware saw several newly-discovered malicious codes entering for the first time in November. The W32/Nuwar worm, which entered directly in fourth place, stands out in particular. This worm spreads in email messages with text referring to the “Third World War’ or the supposed deaths of Bush or Putin.

Another new entry in the list, Banbra.DJM, is actually a variant of a classic family of Trojans designed to capture login details for several Brazilian banking services.

The last new entry is the Trj/Spamer.T Trojan, which represents a classic example of how malicious code is now being used by hackers: surreptitiously entering a computer and then turning it into a platform for sending out spam.

Among the veteran viruses in the list we find Sdbot.ftp once again occupying first place.  This is a script used by the Sdbot family of worms to download themselves onto computers via FTP. Although this malware has topped the rankings throughout 2006, in November there has been a slight decrease in the number of infected systems. Whereas in October it was detected in 2.08 percent of infected computers, this figure dropped in November to 1.9 percent.

In second place once again we find Torpig.A, which after rising rapidly to prominence in October, has remained stable, and was responsible for just under 1.5 percent of infections in November. Trj/Abwiz.A is also unchanged in third place in the list. This Trojan can be used to steal passwords stored on systems.
The veteran Netsky.P, a worm that exploits an vulnerability in Internet Explorer to run itself automatically, has dropped several places. This, along with the decrease in incidents involving Sdbot.ftp, could be an indication of an improvement in installations on computers, as both malicious codes directly exploit vulnerabilities which have been corrected for some time.

Don't miss