Security News

April Virus Top 10

Tue, 09 May 2006

Two times in a row: the Chase phishing attack leads once again the phishing hierarchy

09 May 2006 - Avira reveals today the monthly malware chart based on specific sources and virus experts’ opinions. It is not unusual to find that the first position of the April Virus Top 10 is occupied again by the Netsky.P.

Comparing the March Virus Top 10 with the April malware ranking we discovered that the two prevalent malware families are still Netsky and Mytob. While Netsky.P is old fashioned our experts’ still discover new variants of Mytob. If last month the worm Mytob.IN.2 occupied the second position, a drop to the last position is however counterbalanced with other family members.

The worms Bagle.FR and Bagle.FI disappeared from the top 10, but various variants of the Bagle worm were still intercepted and detected as “Worm/Bagle.gen”. All Bagle submissions covered 10.6%, with a slight increase of 2% this month. However since it is not a specific detection for one variant but a generic detection, it is not listed in the top 10.

Avira's virus analysts   receive new variants of Mytob every single day. In order to be aware of the latest threats we created an “Outbreak Alert SYStem” – the Avira OASYS, which collects malware from various sources. Using several kinds of Honeypot technologies such as email and network traps. According to our statistics, most Mytob variants seem to be active for a very short period of time. For example, the monthly statistics for Worm/Mytob.NM show that is was most active between 18th and 22nd of April.

This month, the Virus Top 10 contains two new entries of rather old email worms: Worm/Bagz.C.2 and Worm/NetSky.#1. The total amount of different malware trapped, increased from 173 up to 187.

Here is a shot of our April Virus Top 10:

Worm/NetSky.P	27,8 %
Worm/NetSky.X	4,9 %
Worm/Lovgate.W	4,9 %
Worm/Netsky.D.Dam	3,2 %
Worm/Mytob.AT	3,2 %
Worm/NetSky.AA	2,8 %
Worm/Bagz.C.2	2,5 %
Worm/NetSky.#1	2,2 %
Worm/Mytob.AD	2,2 %
Worm/Mytob.IN.2	2,0 %
Others	44,3%

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Moreover, please keep in mind that all Avira users are perfectly protected against these threats. Make sure you update Avira on a regular basis in order to stay safe from malware.

As for the monthly ranking of phishing scams, the situation stays pretty much the same as last month.

Chase Bank	64,52 %
PayPal	14,59 %
Ebay	7,15 %
Volksbank	2,86 %
Amazon	1.86 %
Others	9,01 %

The Chase phishing attack is once again the leader of this hierarchy, with 64.52 % of all phishing attacks, observing a rise of 15.19 % from the last month. The number of Paypal and Ebay pshishings dropped with almost a half of their percentage and the Barclay’s Bank phishing was replaced by the Amazon phishing attack from statistics point of view.

Some new entries that we have never seen before are: Deutsche Telekom (http://www.telekom.de/) and Nationwide Online (http://www.nationwide.co.uk/default.htm). However, at the time we received the phishing emails, the related sites were not online anymore.

Avira strongly recommends all users to be careful with suspicious emails and
unexpected attachments, no matter what interesting subjects they might claim to be carrying.

If you want to know more about these forms of cyber crime, please see or search for detailed descriptions on our website: http://www.avira.com/en/threats/index.html

For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://original.avira.com/en/pages/How_to_submit_malware.html

About Avira GmbH

Avira (formerly H+BEDV) is one of the leading providers of IT-security software solutions for professional use. As one of the pioneers in this area, the German company has repeatedly contributed to the security market since its launch of AntiVir in 1988 with technological innovations and intelligent new solutions to protect all network components and network levels.

The Avira headquarters are in Tettnang, a Swabian town located near Lake Constance. The company, which was founded as H+BEDV Datentechnik GmbH in 1986, works in close cooperation with the BSI (Federal Office for Information Security) and maintains technology partnerships with leading security providers. Companies all over the world, financial and IT service providers, public institutions, educational institutes and public clients trust in the security solutions of Avira and protect themselves with AntiVir.

The first on-access scanner under UNIX, based on an originally developed Open Source project “Dazuko” (file access control), is just one example. Another is the world's first certified malware protection solution for SAP. Or the security products for mobile devices, which achieved market maturity very quickly. The AntiVir scanner has been awarded the VB100% a number of times.

Website: www.avira.com

---

Other news from this category	Archive
Spam leads to malware instead of mail settings	Thu, 15 October 2009
Avira issues a warning on harmful PDF files	Mon, 12 October 2009
Avira warns: Fraudulent antivirus software supplied from hacked webservers	Thu, 01 October 2009
Avira keeps Dogrobot at bay	Thu, 24 September 2009
Supposed Avira key generator contains malware	Tue, 22 September 2009