Top viruses and malware in 2006
The absence of large-scale virus epidemics has, once again, been the most notable characteristic of the year. In fact, the list of frequently detected viruses has varied little throughout 2006. This does not mean, however, that there is a lower risk of infection. What is happening is that the attacks have become more silent and more specific, as they are increasingly motivated by financial gain rather than simply gratuitously attacking users’ computers. A report produced by PandaLabs in the third quarter of 2006 revealed that 72 percent of Internet threats were financially motivated.
The large-scale threats are disappearing, but there has still been a series of particularly virulent attacks which merit our close attention. With this in mind, Panda Software has published the Top Ten of the viruses most frequently detected in 2006.
In first place, for the second successive year, is Sdbot.ftp. This malware first appeared in 2004 and six months later occupied first place in the ranking of our Top Ten. Since then it hasn’t budged. The severity of this worm is classified as “medium” and there have been several variants, all with the same MO of attacking random IP addresses, exploiting system vulnerabilities and downloading copies of the worm via FTP. In 2006, Sdbot.ftp was responsible for 2.62 percent of all infections.
Another veteran in the ranking of viruses detected by ActiveScan, which came second overall in 2006, is Netsky.P. This worm, detected in 1.22 percent of positive cases, first appeared in 2004 and spreads via email and P2P file-sharing applications. Interestingly, this worm exploits the Exploit/iframe vulnerability in Internet Explorer, for which a fix has been available for some time now. In third place this year is Exploit/Metafile. Responsible for just over 1 percent of infections, this malicious code is designed to exploit a critical vulnerability in the GDI32.DLL library in Windows 2003/XP/2000. If a computer is vulnerable, Metafile allows code to be executed, which can then be used, for example, to download and run spyware.
Tearec.A is in fourth place. This worm, which spreads via email and computer networks, can disable and terminate certain antivirus programs. Fifth place is occupied by the Q.host.gen Trojan, which was found to be the culprit in 0.76 percent of infected computers. The remaining places in the ranking are occupied by Torpig.A, a Trojan that steals passwords saved by certain Windows services; Sober.AH.worm!CME-681, a worm that terminates several processes, including some belonging to security tools; Parite.B, a virus that infects PE files with EXE or SCR extensions; Gaobot.gen, a generic detection for the Gaobot family of worms which exploits software vulnerabilities; and Bagle.pwdzip, a detection of the notorious Bagle family.
Other conclusions that can be drawn from this year’s ranking include:
– The continuing threat of financial fraud: Sdbot holds, for the second year running, first place in our Top Ten. This is a typical bot/worm designed to exploit system vulnerabilities for financial gain, highlighting the growth of this type of attack. Similarly, threats like Exploit/Metafile or Torpig.A, which are also high up the list, demonstrate this increasingly prevalent trend.
– Variations of worms: Hackers are now tending to launch different variants of the same type of malware in a very short period of time in order to increase the probability of computers being infected. This is the case with Q.host, Gaobot or Bagle. Sdbot, the first in the ranking, has also undergone significant variations over recent months.
– Infections: In 2005, the first nine threats on the list were all responsible for more than 1 percent of infections, while in 2006, only the first three reached that percentage. This should not be understood as an indication that there is less malware; on the contrary, it suggests that there is actually more malware in circulation.