Over 50% of infections detected in February were spyware and trojans

Spyware and Trojans were the malware responsible for most infections in February.  As in January, spyware accounted for 33 percent of the infections detected by ActiveScan. Meanwhile, Trojans have increased two points in comparison to January, causing 25 percent of infections.

Regarding new examples of malware, 60 percent of those detected in February were Trojans.  This is 11 points up on January.  

“The distribution of the new variants that appeared last month is very significant. This classification indicates where malware creators are heading. The high number of new Trojans confirms that cyber-crooks have exclusively financial aims,” explains  Corrons.

After Trojans came bots and backdoor Trojans, followed by worms (8%), dialers (3%) and spyware (1%).
 
Regarding February’s most active malicious codes, Sdbot.ftp is in the first position once again. Sdbot.ftp is the generic script detection that certain worms exploit to download Sdbot onto a computer. This worm has been the most active malware for more than twelve months.

In second place is Bagle.HX. This worm was in the tenth position last month. Bagle.HX is from the Bagle family of worms, one of the most active last year. This variant uses rootkit features to hide its processes. It also disables some security solutions’ functions. The aim of both characteristics is to make it more difficult to detect.

Puce.E is in the third position, as it was last month. It is a worm that spreads through P2P networks.  The fourth and fifth positions also correspond to two worms: Brontok.H and Nurech.A.  The first spreads by making copies of itself on the affected system.  The second is the first variant of a family that was very active in February.  What’s more, Nurech.A caused PandaLabs to declare an Orange Virus Alert half way through the month.

Nurech.A spreads in subjects pretending to be greeting cards.  It hides in an attached executable file with names like Flash Postcard.exe or Greeting Card.exe.  Nurech.A is one of the few new entries in the list.

Abwiz.A has dropped from fourth to sixth position.  It is a Trojan designed to steal passwords stored on the system. In seventh position is PcClient.DU, a backdoor Trojan which opens a port in the system in order to allow attackers to remotely control the infected computer. 

Torpig.A is the malware that has decreased most drastically in February.  It has gone from  second to eighth position.  Torpig.A is a Trojan that steals confidential data from users, such as passwords stored on certain Windows services.

Netsky.P is in the ninth position.  It is a worm that uses specific Internet Explorer vulnerabilities in order to spread.  The tenth most active malware in February was Rizaloff.TT.  This Trojan captures users’ confidential data.