Security News
February Virus Top 10
Mon, 26 March 2007
A quiet period on the malware front
Tettnang, 28 March 2007 - Avira, one of the leading providers of IT-security software solutions, presents today a malware report including the top ten viruses and phishing attacks as they were discovered by our virus researchers during the month of February 2007.
At a first glance it may seem that the February Top 10 Viruses is identical to the previous one. It seems like the virus writers began their spring break: the same viruses have been in the top ten charts for at least two months.
February was a surprisingly quiet period, as the malware ranking shows an interesting situation: the first four places remained the same as the last month. Overall, the changes to the top ten are more or less symbolic. Some viruses had moved up or down a couple of places and the Worm/KillAV.GR disappeared and it was replaced by Netsky.D.Dam.
In comparison to January, when the difference between the first two positions (Netsy.P - 23.4 % and TR/Dldr.Stration.Gen - 22.1 %) was almost insignificant - 1.3 %, the only notable thing in February is the fact that now TR/Dldr.Stration.Gen dropped 12.2 % and made NetSky.P to move forward with force. The distance between the pole position and the rest of the Top Ten is now 17.1 %.
TR/Dldr.Stration.Gen, which was almost on a level with Netsky.P in January and together with its siblings made up more than half of all viruses registered in the Top Ten of November, it is now a shooting star. It will probably continue to drop and even disappear completely like Sober.Y did exactly one year ago.
Also this month the malware front was dominated by the same old and still dangerous worms. The Mytobs represent again the most prevalent malware family of our February Virus Top 10.
On 1st of February the Avira virus researchers warned computer users that were circulating on the Internet some fake BKA emails. Pretending to be sent by the Federal Criminal Investigation Agency (BKA) which informs the receiver about a preliminary investigation, the alleged emails contained a Trojan in the fake report attached. Avira detected the malware in advance as HEUR/Crypted and as TR/Dldr.iBill.I and protected its users of being infected.
Last month we were talking about the Storm Worm. This month we detected a new version of it: TR/Dldr.iBill.M. The Trojan is contained in the attachment “Postcard.exe”. However, the malware is only activated when the email recipient opens this attachment. The Trojan has rootkit functions that make it difficult to find and eliminate. But also this time the Avira AntiVir computers were protected.
Another threat discovered this month was the Trojan called TR/Dldr.iBill.T which claimed to be an invoice from IKEA.
Due to the fact that these emails, distribution channels and also the malware sample itself are very similar we suspect that the author is the same for all these versions. It seemed to be effective to search for popular targets and send malicious files in their names.
February's top ten is dominated by old viruses but in contrast to the drop in new viruses, the overall level of malware continues to rise. The spam emails are now the more favored methods of attack for cyber criminals. 85.08 % of all samples detected by our trap system in February 2007 were classified as spam emails while only 3.97 % were viruses and 10.95 % were represented by phishing attacks.
Here is a shot of our February Virus Top 10:
For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.
Make sure you update your Avira product on a regular basis in order to detect the latest threats.
|
The second part of our monthly malware report, the phishing chart for February, is like the Virus Top 10 almost the same as it was in the last months. The phishing hierarchy has a newcomer:
Postbank with 7 % of all phishing attacks.
| For more information on how to recognize a phishing fraud, take your time to read our dedicated page |
The new targets of phishing attacks identified this month were: Bank of Dwight,
Nevada State Bank,
BB&T,
Co-op Services Credit Union,
M&T Bank,
West Suburban Bank, California Bank & Trust,
FirstBank and
Tyndall Federal Credit Union.
Avira strongly recommends all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.
For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.htmlRemember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to
virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://www.avira.com/en/support/submit_suspicious_files.html
Virus threats 
Print this page
.gif)
