The absence of large-scale virus epidemics has, once again, been the most notable characteristic of the year. In fact, the list of frequently detected viruses during 2006 has varied little throughout the year. This does not mean, however, that there is a lower risk of infection. What is happening is that the attacks have become more silent and more specific, as they are increasingly motivated by financial gain rather than simply gratuitously attacking users’ computers. A report produced by anti-virus companies in the third quarter of 2006 revealed that 72 percent of Internet threats were financially motivated.
So, malware is just as prevalent as always, if not more so, and more pernicious, if that were possible, than before, as today's attackers are after your money. Despite what people may think, the risk of virus infection is greater than ever. Firstly, due to the strategy of simultaneously distributing numerous variants of a malicious code, as was the case with Bagle or Gaobot, thereby increasing the chances of infection, and secondly, because the majority of attacks are now financially motivated, and are therefore more discreet.
In first place, for the second successive year, is Sdbot.ftp. This malware first appeared in 2004 and six months later occupied first place in the ranking of our Top Ten. Since then it hasn't budged. The severity of this worm is classified as "medium" and there have been several variants, all with the same MO of attacking random IP addresses, exploiting system vulnerabilities and downloading copies of the worm via FTP. In 2006, Sdbot.ftp was responsible for 2.62 percent of all infections.
Another veteran in the ranking of viruses detected by ActiveScan, which came second overall in 2006, is Netsky.P. This worm, detected in 1.22 percent of positive cases, first appeared in 2004 and spreads via email and P2P file-sharing applications. Interestingly, this worm exploits the "Exploit/iframe" vulnerability in Internet Explorer, for which a fix has been available for some time now. In third place this year is Exploit/Metafile. Responsible for just over 1 percent of infections, this malicious code is designed to exploit a critical vulnerability in the GDI32.DLL library in Windows 2003/XP/2000. If a computer is vulnerable, Metafile allows code to be executed, which can then be used, for example, to download and run spyware.
Tearec.A is in fourth place. This worm, which spreads via email and computer networks, can disable and terminate certain antivirus programs. Fifth place is occupied by the Qhost.gen Trojan, which was found to be the culprit in 0.76 percent of infected computers. The remaining places in the ranking are occupied by Torpig.A, a Trojan that steals passwords saved by certain Windows services; Sober.AH.worm!CME-681, a worm that terminates several processes, including some belonging to security tools; Parite.B, a virus that infects PE files with EXE or SCR extensions; Gaobot.gen, a generic detection for the Gaobot family of worms, which exploits software vulnerabilities; and Bagle.pwdzip, a detection of the notorious Bagle family.
| Virus | % of infections |
|---|---|
| W32/Sdbot.ftp.worm | 2.62 |
| W32/Netsky.P.worm | 1.22 |
| Exploit/Metafile | 1.08 |
| W32/Tearec.A.worm!CME-24 | 0.79 |
| Trj/Qhost.gen | 0.76 |
| Trj/Torpig.A | 0.69 |
| W32/Sober.AH.worm!CME-681 | 0.67 |
| W32/Parite.B | 0.62 |
| W32/Gaobot.gen.worm | 0.55 |
| W32/Bagle.pwdzip | 0.54 |

Other conclusions that can be drawn from this year’s ranking include:
- The continuing threat of financial fraud: Sdbot holds, for the second year running, first place in our Top Ten. This is a typical bot/worm designed to exploit system vulnerabilities for financial gain, highlighting the growth of this type of attack. Similarly, threats like Exploit/Metafile or Torpig.A, which are also high up the list, demonstrate this increasingly prevalent trend.
- Variations of worms: Hackers are now tending to launch different variants of the same type of malware in a very short period of time in order to increase the probability of computers being infected. This is the case with Qhost, Gaobot or Bagle. Sdbot, the first in the ranking, has also undergone significant variations over recent months.
- Infections: In 2005, the first nine threats on the list were all responsible for more than 1 percent of infections, while in 2006, only the first three reached that percentage. This should not be understood as an indication that there is less malware. On the contrary, it suggests that there is actually more malware in circulation.