English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

Virus Watch|Malware Miscellany, December 2008

Yury
Kaspersky Lab Expert
Posted January 22, 07:23  GMT
Tags: Malware Miscellany
0
 


  • Greediest Trojan targeting banks
    Trojan.Win32.Qhost.gn wins this category, by redirecting clients of 39 different banks to phishing sites.
  • Greediest Trojan targeting payment systems and payment cards
    Just like last month, a single piece of malware comes out top in these two categories. This time, it’s Trojan.Win32.Agent.eii, which targets users of three payment systems and 4 payment cards simultaneously.
  • Stealthiest malicious program
    Trojan-PSW.Win32.LdPinch.auv is packed with 10 different packers.
  • Smallest malicious program
    Trojan.BAT.Shutdown.g is a mere 20 bytes, but it’s still able to reboot the infected computer in spite of its minute size.
  • Largest malicious program
    Trojan-Banker.Win32.Banbra.bby is 27 MB in size.
  • Most common malicious code which exploits a vulnerability
    In December, exploits for an SWF vulnerability made up 12% of all malicious content.
  • Most common malicious code on the Internet
    Trojan-Downloader.HTML.IFrame.wf accounted for nearly 8% of all malicious traffic this month.
  • Most common Trojan family
    1499 previously unknown modifications make Backdoor.Win32.Hupigon the winner of this category in December.
  • Most common virus/ worm family
    Worm.Win32.AutoRun came up with 312 new modifications this month, putting it at the top of this class.

Comment      Link

Virus Watch|Malware Miscellany, November 2008

Yury
Kaspersky Lab Expert
Posted December 19, 11:05  GMT
Tags: Malware Miscellany
0
 


  • Greediest Trojan targeting banks
    Trojan-Spy.Win32.Egoldan.az targets the users of 20 banking systems (a relatively low number when compared to previous winners of this category.)
  • Greediest Trojan targeting payment systems and payment cards
    Trojan.Win32.Obfuscated.gen wins both categories in November by targeting 4 payments systems and 3 payment card systems simultaneously.
  • Stealthiest malicious program
    Trojan-PSW.Win32.LdPinch.beo is packed with 9 different utilities.
  • Smallest malicious program
    The 22 bytes of Trojan.BAT.Shutdown.g enable it to automatically launched and then force the victim machine into constantly rebooting.
  • Largest malicious program
    Trojan-Banker.Win32.Banker.kum is 19MБ in size, which is very small in comparison with previous winners of this category.
  • Most widespread malicious code which exploits a vulnerability
    Exploit.JS.RealPlr.nn made up more than 8% of all malicious content in December.

  • Most common malicious program on the Internet
    Trojan-Downloader.JS.Iframe.yv was responsible for 4% of all malicious content detected on the web during November 2008.
  • Most common Trojan program
    There were 1723 new modifications of Trojan.Win32.Agent this month.
  • Most common virus/ worm family
    Again, Worm.Win32.AutoRun wins this category, but with only 337 new modifications – a significant increase on October’s 75 new modifications.

Comment      Link

Virus Watch|Malware Miscellany, October 2008

Yury
Kaspersky Lab Expert
Posted November 24, 12:54  GMT
Tags: Malware Miscellany
0
 

  1. Greediest Trojan targeting banks
    Now that autumn is into its stride, there’s been a change in this category; October’s winner is Trojan-Spy.Win32.Bzub.cqz, rather than a member of the Banker family. Bzub.cqz targets clients of 34 different banks.
  2. Greediest Trojan targeting payment systems
    Trojan.Win32.Agent.afhy comes out top, attacking 4 different epayment systems at once.
  3. Greediest Trojan targeting payment cards
    The Agent family wins again in this category, with Trojan.Win32.Agent.agyz searching out users of 5 card systems.
  4. Stealthiest malicious program
    The Hupigon family, which makes frequent appearances in this category, takes the lead in October; one modification of Backdoor.Win32.Hupigon.btlis packed with 8 different packers.
  5. Smallest malicious program
    In spite of being a mere 20 bytes in size, Trojan.BAT.KillAll.an is able to delete all files from disk.
  6. Largest malicious program
    Trojan.Win32.Haradong makes a return this month – modification .ga weighs in at more than 200MB.
  7. Most common vulnerability on the Internet
    In October, Exploit.SWF.Downloader.hn accounted for 2.3% of all malicious content detected on the Internet.
  8. Most common malicious program on the Internet
    Trojan-Downloader.Win32.IstBar.cx was the most common malicious program on the Internet in October, accounting for a “modest” 2.1% of all malicious content detected.
  9. Most common Trojan family
    Backdoor.Win32.Hupigon puts in yet another appearance in this category, this time with 3891new modifications.
  10. Most common virus/ worm family
    There are no changes in this category either this month, with Worm.Win32.AutoRun taking the crown again. And its numbers are similar to those of last month – 651 new modifications in October as against September’s 655.

Comment      Link

Virus Watch|Malware Miscellany, September 2008

Yury
Kaspersky Lab Expert
Posted October 15, 11:35  GMT
Tags: Malware Miscellany
0
 

  1. Greediest Trojan targeting banks
    This month, the nomination goes to Trojan-Banker.Win32.Banker.xkz, from the same family that won this category last month. This particular sample targets the users of 28 banks at once.
  2. Greediest Trojan targeting payment systems
    September's winner is Trojan.Win32.Agent.adtp which has its sights set on four e-payment systems simultaneously.
  3. Greediest Trojan targeting payment cards
    It's been a long time since we've seen a malicious program which wins out in more than one category. Autumn has brought a surprise entrant, with Trojan-Banker.Win32.Banker.xkz making an appearance in this category as well - in addition to going after 28 banks, it also targets five different payment cards.
  4. Stealthiest malicious program
    Autumn has brought about a change in this category - instead of the customary Hupigon, September features a modification of Backdoor.Win32.Netbus.160.e, which is packed with nine different packers.
  5. Smallest malicious program
    September's winner, just like August's, is 31 bytes in size, but has a different payload - it's a new modification of Trojan.BAT.MouseDisable.c. And its name tells you everything you need to know - this Trojan will block the mouse.
  6. Largest malicious program
    Yet another Trojan-Banker wins the crown in this category: Trojan-Banker.Win32.Banbra.dkj weighs in at 34MB.
  7. Most common vulnerability on the Internet
    In September, this category was taken by Exploit.Win32.PowerPlay.a - it made up 6% of all vulnerabilities identified on web pages that were used to deliver malicious code to victim machines.
  8. Most common malicious program on the Internet
    Trojan-Downloader.Win32.Small.aacq, which won this category last month as well, still triumphs here; it's involved in 20% of all cases, which is a pretty high number!
  9. Most common Trojan family
    Once again, this category is taken by an old familiar: Backdoor.Win32.Hupigon.c, which came over the finish line in September with 3072 new modifications.
  10. Most common virus/ worm family
    There's also been no change in this category - as we move into autumn, Worm.Win32.AutoRun continues to reign, with 655 new modifications.

Comment      Link

Virus Watch|Malware Miscellany, August 2008

Yury
Kaspersky Lab Expert
Posted September 16, 15:09  GMT
Tags: Malware Miscellany
0
 


  1. Greediest Trojan targeting banks
    Trojan-Banker.Win32.Banker.rqk leads this month, even though it only attacks 26 banks, a relatively low number.
  2. Greediest Trojan targeting payment systems
    In August, a new modification of Backdoor.Win32.Agobot.gen won this category by targeting four payment systems simultaneously.
  3. Greediest Trojan targeting payment cards
    Trojan-Banker.Win32.Banbra.vf targets four payment card systems.
  4. Stealthiest malicious program
    Following last month's victory, the Hupigon family makes another appearance with Backdoor.Win32.Hupigon.nqr – a program packed with seven different packers.
  5. Smallest malicious program
    Trojan.BAR.Tiny.a is a mere 31 bytes in size; it searches the system for applications and runs any it finds.
  6. Largest malicious program
    Trojan-Banker.Win32.Banker.qwp is only 27 MB in size – not particularly large for this category, but it still manages to take the prize.
  7. Most widespread malicious code which exploits a web vulnerability
    Trojan-Clicker.HTML.IFrame.uu.
  8. Most common malicious program on the Internet
    Trojan-Downloader.Win32.Small.aacq, the winner of this category which was introduced last month, is responsible for every 20th infection.
  9. Most common Trojan program
    Backdoor.Win32.Hupigon makes another appearance in this miscellany with 1044 modifications this month.
  10. Most common virus/ worm family
    August brought 75 modifications of Worm.Win32.AutoRun, a relatively small number for the winner of this category.

Comment      Link

Virus Watch|Malware Miscellany, July 2008

Yury
Kaspersky Lab Expert
Posted August 21, 11:44  GMT
Tags: Malware Miscellany
0
 


  1. Greediest Trojan targeting banks
    This month, the winner is a modification of Trojan-Spy.Win32.Bzub.bvq – it's quite modest in its ambitions, targeting a mere 36 banks, a relatively low number for malware in this category.
  2. Greediest Trojan targeting payment systems
    Trojan-Banker.Win32.Banker.qhq targets three payment systems simulaneously
  3. Greediest Trojan targeting payment cards
    Trojan-Spy.Win32.Banker.qdo targets three payment card systems – exactly the same number as its close relative in the previous category
  4. Stealthiest malicious program
    July's nomination in this category was taken by Backdoor.Win32.Hupigon.cqzq – notwithstanding the program being packed seven times, it still got added to our antivirus databases
  5. Smallest malicious program
    In July, Trojan.BAT.KillWin.vx demonstrated its dislike of Windows by using its 36 bytes to delete winlogon.exe, a system file.
  6. Largest malicious program
    The 203MB of Trojan-Win32.Haradon.ga, this month's winner, were spread in the guise of a screensaver.
  7. Most common vulnerability on the Internet
    The category 'Most malicious program', a fixture in previous Miscellanies, is no longer particularly indicative of the malware landscape. So this month we've introduct a new category – 'Most cmmon vulnerability on the Internet', i.e. the one most exploited by malicious users. This month the victory goes to Trojan.Clicker.HTML.Iframe.sy, which makes up more than 12% of all vulnerabilites found on web pages used by malicious users to infect victim machines.
  8. Most common malicious program on the Internet
    The category 'Most common malicious program in email traffic' has also changed. Readers of this column may remember that the winner of that nomination remained unchanged over several months. In order to give a more representative picture, this cateogory is now called 'Most common malicious program on the Internet. Trojan.Win32.Agent.sav wins out in July, as it was involved in 5.52% of all attempts to infect users.
  9. Most common Trojan family
    Trojan-Downloader.Win32.Zlob makes an appearance this month, with a relatively low 1217 modifications.
  10. Most common virus/ worm family
    This category again features Worm.Win32.AutoRun with another 126 new modifications in July.

Comment      Link

Virus Watch|Malware Miscellany, June 2008

Yury
Kaspersky Lab Expert
Posted July 11, 11:36  GMT
Tags: Malware Miscellany
0
 


  1. Greediest Trojan targeting banks
    As we move into summer, Trojan-Banker.Win32.Banker.ohq takes the crown in this category, by targeting customers of 56 banks.
  2. Greediest Trojan targeting e-payment systems
    Trojan-Banker.Win32.Banker.olr wins this category in June, targeting three payment systems.
  3. Greediest malicious program targeting payment cards
    Here, naturally enough, there's another password stealing Trojan: Trojan PSW.Win32.Agent.apl has its sights sent on four payment card systems
  4. Stealthiest malicious program
    Trojan-PSW.Win32.Delf.jj wins this month, as it's packed with eight different packers.
  5. Smallest malicious program
    Trojan.BAT.KillFiles.hx is rather larger than last month's winner in this category but is still only 26 bytes in size. It's capable of wiping the contents of C:.
  6. Largest malicious program
    June's winner, Trojan Banker.Win32.Bancos.mk, at 31MB in size, is by no means the largest program we've seen in this category.
  7. Most malicious program
    Once again Agobot makes an appearance, with a modification of Backdoor.Win32.Agobot.gen victorious this month. Its payload holds no surprises: it deletes a wide range of security products both from memory and from disk.
  8. Most common malicious program in email traffic
    This category doesn't seem to change much from month to month: our old friend, Email-Worm.Win32.Netsky.q again takes the prize, having made up 34.15% of infected mail traffic in June.
  9. Most common Trojan family
    3295 different modifications of Trojan-GameThief.Win32.OnlineGames were detected this month.
  10. Most common virus/ worm family
    Worm.Win32.Autorun is back after an absence last month, with 152 new modifications: not a huge number for this category.

Comment      Link

Virus Watch|Malware Miscellany, May 2008

Yury
Kaspersky Lab Expert
Posted June 12, 11:30  GMT
Tags: Malware Miscellany
0
 

  1. Greediest Trojan targeting banks
    Trojan-Spy.Win32.Banker.mrj comes out as the greediest banking Trojan in May, targeting the clients of 103 banks simulataneously.
  2. Greediest Trojan targeting payment systems
    Although Trojan-PSW.Win32.Staem only targets a relatively modest three payment systems, it still comes out top in this category.
  3. Greediest malicious program targeting payment cards
    This month, one of the new modifications of Trojan-Spy.Win32.Banker.tq takes the prize, targeting five payment card systems at once – no mean feat for malware in this category!
  4. Stealthiest malicious program
    May's stealthiest piece of malware is from an old family: the winning modification of Backdoor.Win32.Hupigon.bxbu is packed nine times over.
  5. Smallest malicious program
    Trojan.Bat.KillWin.dg, in spite of being a minimal 15 bytes in size, is still able to destroy Windows on the user's disk.
  6. Largest malicious program
    Although this month's winner, Trojan-Spy.Win32.Banker.fgw is a chunky 30MB in size, that's by no means a record for this category.
  7. Most malicious program
    A modification of Backdoor.Win32.Agobot.pgj wins the prize for maliciousness in May, as it combats antivirus solutions by deleting security software from victim machine.
  8. Most common malicious program in email traffic
    For the nth time, we've got Email-Worm.Win32.Netsky.q leading this cateogory, as it made up 23.12% of all malicious mail traffic in May.
  9. Most common Trojan family
    There's another old-timer here: 3301 new variants of the Backdoor.Win32.Hupigon family appeared in May.
  10. Most common virus/ worm family
    This category shows more variation than the preceding two: Net-Worm.Win32.Kolab.c, in 276 modifications, is a new winner of this nomination.

Comment      Link

Virus Watch|Malware Miscellany, April 2008

Yury
Kaspersky Lab Expert
Posted May 07, 13:02  GMT
Tags: Malware Miscellany
0
 


  1. Greediest Trojan targeting banks
    Trojan-Spy.Win32.Banker.lax, which targets customers of 104 banks, wins this category in April
  2. Greediest Trojan targeting payment systems
    Another variant of Banker, in this case Trojan-Spy.Win32.Banker.krv takes the palm this month. It targets the users of three e-payment systems.
  3. Greediest malicious program targeting payment cards
    April's winner in this category is Trojan-Spy.Win32.Bancos.blc, which has its sights set on three payment card systems at once.
  4. Stealthiest malicious program
    This month, one variant of Backdoor.Win32.Hupigon.bqsi wins out, being packed with seven different packers.
  5. Smallest malicious program
    The tiny Trojan.BAT.MouseDisable.b, with a mere 22 bytes, still manages once launched to block the mouse.
  6. Largest malicious program
    April's winner is Trojan-Dropper.Win32.Agent.nrh – at 46MB in size, it's not that large compared to previous victors in this category
  7. Most malicious program
    There's a new entrant in this category – a modification of Backdoor.Win32.Agobot.gen replaces the Haradong family which has ruled for the last two months. Malicious programs from this family search for and destroy antivirus solutions in all possible locations – in RAM, the system registry and on disk.
  8. Most common malicious program in email traffic
    In a couple of months we may have to reconsider the value of this category, as it's been almost exclusively occupied by Email-Worm.Win32.Netsky.q. The worm isn't conceding ground to any other malicious program, and during the last month it's even increased its share of infected mail traffic to 40.58%.
  9. Most common Trojan family
    Backdoor.Win32.Hupigon remains the most 'fertile' malicious program, giving birth to 3151 modifications in the course of a single month – only slightly fewer than last month.
  10. Most common virus/ worm family
    Worm.Win32.AutoRun heads this category in April, with 230 new modifications.

Comment      Link

Virus Watch|Malware Miscellany, March 2008

Yury
Kaspersky Lab Expert
Posted April 10, 13:22  GMT
Tags: Malware Miscellany
0
 

  1. Greediest malicious program targeting banks
    As we move into spring, this category is taken by one modification of Trojan-Spy.Win32.Banker.zq, which targets 109 banks simultaneously – a huge rise on last month's Banker.cji, which targeted 44 banks.
  2. Greediest malicious program targeting payment systems
    March's winner in this category is Trojan-Spy.Win32.Banker.etk, which has its sights set on a comparatively modest three payment systems.
  3. Greediest malicious program targeting payment cards
    Another member of the Banker family, Trojan-Spy.Win32.Banker.enw takes the crown this month, targeting the users of four different payment systems at once.
  4. Stealthiest malicious program
    If you're a regular reader of this column, you'll know that malware packed with ten different packers is nothing rare. And this month gives us yet another example: Trojan-Downloader.Win32.Delf.ain.
  5. Smallest malicious program
    Get your magnifying glasses out for this month's winner – Trojan.BAT.FormatC.r which weighs in at a mere 16 bytes, but still to wipe your C: disk
  6. Biggest malicious program
    For the second month in a row this category is taken by a member of the Haradong family; in this case it's Trojan.Win32.Haradong.fj, which weighs in at 305MB, 79MB larger than last month's entrant.
  7. Most malicious program
    With the transition to spring, the leader in this category has changed. March's winner is Backdoor.Win32.Rbot.gen, and given the nasty nature of the Rbot family, this comes as no surprise. The programs covered by this detection use a number of methods to disable a range of antivirus solutions.
  8. Most common malicious program in email traffic
    No changes here this month – once again we've got Email-Worm.Win32.Netsky.q leading, making up 37.39% of all infected mail traffic, slightly up on last month's 36%.
  9. Most common Trojan family
    March's winner is Backdoor.Win32.Hupigon – we detected a stunning 3381 modifications of this family in March!
  10. Most common virus/ worm family
    This category has something slightly new for March: Net-Worm.Win32.Kolab dominates this particular category with 35 modifications.

Comment      Link