RSS

Kido worm, Sality virus top June 2010 malware statistics, Kaspersky Lab says

23 Jul

The Kido worm and Sality virus continue to top the list of the most malicious malware for the month of June this year, according to a report by Internet security software company Kaspersky Lab.

Both Kido and Sality and their variants have been topping the list since the start of the year, having infected a total of at least 1 million PCs per month. However, the list almost did not change from the previous month.

Kido is a net-worm spread through computer networks and even through removable drives. This causes buffer overruns. It is also associated with the Conficker net-worm. Meanwhile, the Sality virus has a variety of purposes though it is most effective as a keylogger, which allows the virus to save the username or password of users on an infected computer.

Position Change in position Name Number of infected computers
1   0 Net-Worm.Win32.Kido.ir   304259  
2   0 Virus.Win32.Sality.aa   193081  
3   0 Net-Worm.Win32.Kido.ih   175811  
4   0 Net-Worm.Win32.Kido.iq   141243  
5   new Exploit.JS.Agent.bab   134868  
6   -1 Trojan.JS.Agent.bhr   130424  
7   -1 Worm.Win32.FlyStudio.cu   102143  
8   -1 Virus.Win32.Virut.ce   69078  
9   -1 Trojan-Downloader.Win32.VB.eql   57578  
10   -1 Worm.Win32.Mabezat.b   47548  
11   new P2P-Worm.Win32.Palevo.fuc   44130  
12   -2 Trojan-Dropper.Win32.Flystud.yo   40081  
13   new Worm.Win32.VBNA.b   33235  
14   0 Trojan.Win32.Autoit.ci   32214  
15   2 Trojan-Downloader.Win32.Geral.cnh   31525  
16   -5 Worm.Win32.AutoIt.tc   30585  
17   -5 Packed.Win32.Krap.l   29149  
18   new Trojan.Win32.AutoRun.aje   25890  
19   return Email-Worm.Win32.Brontok.q   25183  
20   new Trojan.Win32.Autorun.ke   24809  

 

At fifth place is Exploit.JS. Agent.bab, a new entrant in the list. This virus exploits the CVE-2010—806 vulnerbility and downloads other malicious applications into victim machines.

A new variant of the P2P-Worm.Palevo has to be watched out as it makes a slow comeback since March 2010. Because it spreads through peer-to-peer download applications, it makes copies of itself into the download and upload folders. It also sends via links on instant messengers. Palevo.fuc also works with Trojan.Win32.Autorun to spread to removable drives.

Kaspersky Lab security analyst Kirill Kruglov said at least 50,000 removable drives fell victim to Trojan.Win32.Autorun, whose variants are occupying the 18th and 20th rank in Kaspersky Lab’s malware list this June.

Some malicious applications also trick users to download supposed antivirus into their computers. The method is simple: an “infected” website will warn visitors that it has a malicious application running and offers to have users download an antivirus. When the software “scans” the PC, it will later download the antivirus which is actually a variant of Trojans or other viruses.

Unwanted adwares are also in the list of Kaspersky Lab’s most unwanted applications for June. Adwares remain in computers an gather data about user behavior, then it sounds out to advertising companies the data, who in turn send user-targeted advertisements.

Kruglov says cybercriminals are trying to find ways to package and propagate their malwares by looking for PC exploits, and using phishing and social engineering.

“Despite the fact that antivirus companies are constantly on the alert for this kind of thing, users also need to do their bit and remain vigilant. Remember, how and what you search for on the Internet can potentially reveal a whole lot more about you than you might want anyone to know!” Kruglov said.

 
Leave a comment

Posted by on July 23, 2010 in Kaspersky Lab

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

 
%d bloggers like this: