Adware and Trojans caused most infections in April

Adware, responsible for 27 percent of infections, was the most active category of malware in April. Trojans, at 25 percent, were the other category to have caused a high number of incidents.

Adware tracks users’ Internet activity (pages visited, words searched-¦) and uses this to display personalized ads. Trojans are another major threat at the moment. The number of infections caused by the type of malware has increased steadily over the last few months. In fact, over the first quarter of 2007, Trojans were the most active category of malware.

The rest of the infections recorded were caused by a wide variety of malware types: worms (8%), backdoor Trojans (5%), dialers (4%) spyware (3%), bots (3%) and others.

The most significant news this month is that Sdbot.ftp is no longer the most commonly detected specific example of malware. After more than a year at the top, this month Sdbot.ftp has dropped down to fifth place.

In fact, there are six new entries in the list of the threats most frequently detected by ActiveScan, and these include the three most virulent examples in April. The first of these is Instadia. This is a cookie installed on computers from certain web pages. As is often the case with this type of software, it is not malicious in itself, but can be used maliciously by other code.

The second most active malicious code last month was KillAV.FW. This is a Trojan designed to steal confidential information from computers. Downloader.NOE, which has similar functions, was third on the list.

In fourth place came Brontok.H, a worm which has been high up in the ranking for some months now. Sdbot.ftp, as mentioned above, was in fifth place. In sixth place was Puce.E, another regular in the ranking. This worm uses P2P networks in order to spread. The Clicker.ZL Trojan was in seventh place.     

In eighth and ninth place came Agent.DIL and KillAV.FG respectively: The first of these is designed to aid intrusions on infected computers. The second is a Trojan that prevents several security solutions from working correctly and connects to a server to allow the infected computer to be controlled remotely.  This Trojan belongs to the same family as KillAV.FW.

Last in the list is Spylocked. This is adware that passes itself off as a security tool, supposedly detecting malware on computers. The aim is to get users to buy the product as protection. If they do buy it, the product ceases to detect malicious code. This malware has used other names such as SpywareQuake or VirusBurst.


Don't miss