Previous
Panda Software News: Top Ten viruses most frequently detected by Panda ActiveScan in January
Added: (Tue Feb 01 2005)
Top Ten viruses most frequently detected by
Panda ActiveScan in January
Downloader.GK was, for the eighth month running, the virus most frequently detected by the free, online scanner, Panda ActiveScan.
CAMBRIDGE, February 1, 2005
Although the Bagle.BL worm appeared last month and caused incidents in users’ computers worldwide, January can be classified as a relatively quiet month in terms of computer virus activity. However, in spite of this apparent calm, a large amount of Trojan activity was registered, especially those related to spyware.
January’s Top Ten, based on data gathered by the free, online antivirus Panda ActiveScan, reveals that the Downloader.GK Trojan was, for the eighth month running, the malicious code that has launched the most attacks on user computers. To be more precise, it was detected in over 8% of computers.
Second place in the ranking is taken by Sdbot.fpt, the generic detection for the script created by the Sdbot family of worms in the computers they infect. This malicious code is followed by Mhtredir.gen, a generic detection for a group of Trojans that allow a remote attacker to run code on computers.
The veteran Netsky.P worm ranks fourth, and fifth place is taken by the Shinwow.E Trojan, capable of preventing the computer from working correctly and of modifying the start page of Internet Explorer.
Two Trojans HideProc.B and WmvDownloader.A come in sixth and seventh place in this edition of the Top Ten. The second of these Trojans has attracted quite a lot of attention, as it uses Windows Media Player DRM technology to install spyware on computers. These are followed by Qhost.gen, a generic detection of a modification of the Windows HOSTS file.
Gaobot.gen, the generic detection for a family of worms that steal confidential data, ranks ninth, followed by Sasser.ftp, the script created by some worms in the Sasser family in the computers they attack.
Global Top 10 viruses % frequency
January 2005
Trj/Downloader.GK 8.49%
W32/Sdbot.ftp 5.66%
Exploit/Mhtredir.gen 5.24%
W32/Netsky.P.worm 4.10%
Trj/Shinwow.E 3.70%
Trj/HideProc.B 3.39%
Trj/WmvDownloader.A 2.46%
Trj/Qhost.gen 2.45%
W32/Gaobot.gen.worm 2.44%
W32/Sasser.ftp 2.37%
Similar to the Global statistics Trj/Downloader.GK is still dominating the Top 10 viruses detected in the UK by Panda ActiveScan.
Top 10 viruses % frequency
In the UK
January 2005
Trj/Downloader.GK 10.93%
W32/Sdbot.ftp 5.79%
Exploit/Mhtredir.gen 4.84%
Trj/Downloader.ADJ 4.41%
W32/Netsky.P.worm 3.11%
Trj/HideProc.B 2.86%
Trj/Shinwow.E 2.86%
Trj/Qhost.gen 2.8%
W32/Sasser.ftp 2.77%
Trj/StartPage.PX 2.67%
The following conclusions can be drawn from the data collected by Panda ActiveScan in January:
- Trojans are still extremely active. Continuing the trend that started a few months ago, this type of malicious code -widely used to commit all types of cyber-crimes- still occupies the majority of places in the ranking.
- Spyware: a growing threat. Four of the six Trojans that appear in the Top Ten ranking download and install spyware. These programs collect data, such as the user’s browsing habits, and then sell them to dubious marketing companies.
- Many users still haven’t updated their computers. Half of the malicious code in the Top Ten exploit software vulnerabilities to spread and infect computers. It is important to stress that these are vulnerabilities that were resolved sometime ago, showing that there are still many users that have not updated their computers. This helps malicious code like Netsky.P, which exploits the IFrame vulnerability in Microsoft Internet Explorer fixed years ago, to continue infecting computers.
To help as many users as possible keep their systems virus free, Panda Software offers Panda ActiveScan, free of charge, at http://www.pandasoftware.co.uk/. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free of charges, at http://www.pandasoftware.com/partners/webmasters.
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com) and complete the corresponding form in the Virus Alerts section.
For more information about these and other malicious code, visit Panda Software's Virus Encyclopaedia at: http://www.pandasoftware.com/virus_info/encyclopedia
About Panda Software's virus laboratory
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analysed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/
Andy Mckewan
amckewan@pandasoftware.co.uk
(0)870 444 5640