Security News

June Virus Top 10

Wed, 05 July 2006

No significant changes on the malware front

Avira discloses today the malware ranking for June, based on statistic data and virus lab researchers’ opinions. The situation on the malware front looks very much the same as it was in May.

The June Virus Top 10 is almost identical with the last Virus Top 10, Netsky.P, Lovgate.W, Netsky.AA and Mytob.IN.2 occupying the same positions this month as last month. The new entries of our May Virus Top 10 - Worm/Mytob.U and Worm/Lovgate.AU.2 had a different behavior in June. While, the Worm/Mytob.U reached the third position with a percentage of 4 % of all infections reported in June, after being the penultimate threat in May, Worm/Lovgate.AU.2 dropped to the last position of this month, being the only virus which reduced its number of infections.

However, we don’t have brand new viruses, just three re-entries: Netsky.Z, Netsky.D.Dam and Netsky.#1. This reappearance of these Netsky variants shows that there are still many computers being infected with those outdated worms.

It may seem that June proved to be a period without notable incidents, but the virus researchers discovered new threats which are not appearing in the malware top ten.

On the 20th of June, Avira discovered Worm/Soccer.A, a worm which makes use of the World Cup hype. Worm/Soccer.A is an email worm that uses a social engineering trick in order to increase its spreading potential and to deceive a lot of people crazy about soccer. Attention-grabbing subjects such as "Naked World Cup game set", "Crazy soccer fans" or "Soccer fans killed five teens" amplified its possibility to produce damage. However, after the first wave of submissions we haven’t received any samples of it. Perhaps the large media coverage of this threat made the attackers to stop spreading it.

On the last day of this month Avira virus researchers discovered a Trojan called TR/Dldr.EbayBill.B which claimed to be an invoice from eBay. This was detected by our AHeAD heuristic technology as "HEUR/Trojan.Downloader" and as assumed it was designed to download and install further malware.

Besides the Soccer.A we received a couple of spam emails mainly in German language. We investigated the advertised sites and searched for embedded scripts or any other malicious code, but until now we haven’t discovered anything harmful.

Here is a first shot of our June Virus Top 10:

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats. Make sure you update your Avira product on a regular basis in order to detect the latest threats.

As for the monthly ranking of phishing scams, in June we have an incredible amount of new targets.

PayPal	51.49 %
Ebay	15.01 %
Amazon	2.64 %
Bank of America	2.46 %
Volksbank	1.89 %
Others	26.51%

PayPal and Ebay still top the ranking, being by far the most targeted sites this month.

Last month security experts from Avira had warned that the phishing authors are searching new phishing targets, pointing out the tendency of phishers to target smaller institutions, whose clients are more vulnerable because they never had been exposed to such cyber attacks. Thus, it should come as no surprise to find out that this month we have an incredible amount of new targets such as First National Bank, élan Credit Card Services, Deutsche Apotheker- und Ärztebank, Ohio Savings Bank, National Association of Federal Credit Unions, Corporate America Family Credit Union, CB&T, Wainwright Bank, Netspend Corporation, Nationwide, mbna, TDECU, BECU, CUNA, Internal Revenue Service, Santa Barbara Bank and Trust, Banca Intesa, Wachovia, TIB and others.

Besides these attacks, we also discovered a Paypal phishing that used a new trick in order to make it harder to turn the phishing sites down. The URL in the email referred to a site that contained nothing but a script. This script had various URLs implemented and selected one from its list random.

Avira strongly recommends all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.

If you want to know more about these forms of cyber crime, please see or search for detailed descriptions on our website: http://www.avira.com/en/threats/index.html

For more information on how to recognize a phishing fraud, take your time to read our dedicated page: http://www.avira.com/en/threats/what_is_phishing.html

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file: http://original.avira.com/en/pages/How_to_submit_malware.html

About Avira

Avira (formerly H+BEDV) is one of the pioneers in the IT security area. The security specialist has been developing as from 1988 cross-system security solutions for business and private customers under the brand name AntiVir. Some of these customers are leading national and international companies, various educational institutions as well as public entities.

The product portfolio comprises high-performance security solutions for workstations, file servers, web servers and mail servers as well as for PDAs and smartphones. The acquisition of the datapol technologies in 2006 provides Avira with additional leading technological solutions to protect and recover systems. The company doesn’t only have a wide range of products in the Windows environment; it is also one of the technology leaders in the UNIX market. Moreover, the company introduced the first SAP certified security solution for SAP NetWeaver in 2005 on the market.

The Avira AntiVir scanner is awarded the VB 100% on a regular basis. The high competence of the company in the IT security area is also documented through the close collaboration with the Federal Office for Information Security (BSI).

The Avira security solutions can be obtained from the numerous Avira resellers, who represent and distribute the products all over Europe and abroad.

Company Contact:
Avira GmbH
Adela Kohl/Gernot Hacker
Lindauer Str. 21
D-88069 Tettnang
Telefon: +49 (0) 7542-500 0
Telefax: +49 (0) 7542-525 10
Email:

Press contact:
Jacklin Montag
LEWIS Global PR
Tel.: +49 (0) 89-17 30 19 19
Email:

Other news from this category	Archive

Faked anti-virus solution develops in to a plague	Fri, 29 August 2008
Avira warns online gamers: be careful with add-ons and automatic game updates	Wed, 30 July 2008
A backdoor in an alleged Customs declaration	Fri, 25 July 2008
"Storm Worm" announces a monetary reform in North America	Tue, 22 July 2008
Harmful PDF files have no chance with Avira	Mon, 21 July 2008