Security News
April Virus Top 10
Fri, 01 June 2007
The popularity of Avira used by virus writers in a cyber fraud
Avira, a leading provider of professional IT security solutions, today released its monthly top ten viruses reported for April, 2007. The most virulent attack of April was a Trojan which pretended to be a fake order confirmation from Avira - the popularity of the AntiVir producer has been misused for criminal purposes.
The figures of this month indicate stagnant tendencies - for the 6th consecutive month Netsky.P has taken the first position in Avira's top for April. Netsky.P has amassed a total of 29.3% of all detections made by the Avira Virus Research Laboratory.
There is a slight change to the second and third positions of our chart: TR/Dldr.Stration.Gen and TR/Bagle.GD have switched places due to the alarming rise of the Stration virus with 12.8 %. TR/Dldr.Stration.Gen made it back to number two, despite a cure being available for nearly six months, accounting 19.8 % of all viruses in April.
The fourth place is occupied by Mytob.MR which is only one of many representatives of a family of worms which first appeared in 2005. But what is really worrying is the fact that Mytob.MR is not alone - the April Top 10 includes another 4 versions of this family. There's no doubt that this viral family will continue to appear many times from now on in our malware hierarchy.
There are no new entries in our virus ranking but we continue to see the old timers reentering and remaining in the malware chart.
The other threats of April which didn’t make it to the top 10 were the worm Pykse, the Trojan inside false AntiVir emails and TR/Small.DBY.
Worm/Pykse.A, a virus which spreads via Skype, turns the user mode from the Skype-Client into "Do not disturb" and then sends messages with a malware link to all online contacts.
The impertinence of virus writers is beyond limits: the reputation of Avira AntiVir made virus writers to use it in an outrageous online fraud. Security experts of Avira warned against spoof virus protection invoices which claim to be based on an alleged online order at Avira/cleverbridge - TR/Dldr.iBill.AJ.
And the last virus analyzed this month is TR/Small.DBY, a Trojan spread by spam emails. The virus is packed inside an archive protected by a password which is also sent as an attachment.
In all the three cases the Avira AntiVir users were protected with VDF updates.
As we noticed for some time, the malware front is changing and we are confronting with a new generation of virus writers.
The days of young hackers, who wanted to impress their friends and to prove that they are capable of stealing passwords, that they could twiddle the phone system and make a free phone call, breaking NASA servers or creating a virus that can harm millions of PC's, are gone.
Today we have to deal with a new generation of cyber punks whose intentions are mainly to gain money. They don’t have to be pioneering or to have great technical skills in order to trick users to download malicious programs. It's enough to search the Internet looking for some hacking tools, most of them being automated, and you'll even get step-by-step instructions on how to use them. Basically, the new generation of hackers needs only to follow instructions and to find interesting subjects about popular targets and the results will come: more computers infected - more profit for them.
According to our specific statistic dates in April the proportion of spam emails reached 84.87 % of all malware trapped. Phishing emails made up a moderate percentage (9.41
%) of all viral codes found in April by Avira and the viruses represented 5.72%.
Here is a shot of our April Virus Top 10:
For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.
Make sure you update your Avira product on a regular basis in order to detect the latest threats. |
The phishing hierarchy for April shows an interesting situation: the new-entry of
PosteItaliane. This phishing attack, first discovered in March, made up 18.36 % of all phishing attacks detected this month. The difference between PosteItaliano and the second place - Ebay - is almost indistinguishable: only 0.14 %. It seems that we have a new competitor for the phishing podium.
Chase Bank disappeared from our rankings and probably it will appear again next year or hopefully will disappear completely.
For more information on how to recognize a phishing fraud, take your time to read our dedicated page
|
The new targets of phishing attacks detected in April by Avira were: Arizona Federal Credit Union,
Bank of Queensland, Dade County Federal Credit Union, Earthmover Credit Union, First Indiana Bank, Guaranty Bond Bank, Banca Sanpaolo,
Interactive Brokers, Keesler Federal Credit Union and IW Bank.
Avira strongly recommends all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.
For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html
Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to
virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://www.avira.com/en/support/submit_suspicious_files.html
Virus threats 
Print this page
.gif)
