Security News
June Virus Top 10
Fri, 20 July 2007
Zafi.B came back to claim the pole position of the malware top 10
Avira today reveals the malware hierarchy for June, based on statistical data and expert opinion. Last month we had a new contender for the phishing podium, PosteItaliane; this month the Virus Top 10 shows a new threat fighting with Netsky for the first position of our hierarchy: the old-timer Worm/Zafi.B.
In the May Virus Top 10, we said it was very possible that Netsky would be dethroned by Stration.Gen in June. This didn't happen; moreover, Stration's share of infections fell from 26.4% to 8.2% and it dropped to the third position. The second position is now occupied by Zafi.B, which was first discovered in June 2004, exactly three years ago. After a long absence, this nasty old virus has reappeared in our charts. According to our statistics source, Avira OASYS (Outbreak Alert SYStem), more than 50,000 copies of this threat were captured in June.
"A closer investigation pointed out that these samples were sent from a handful of computers located in Greece. It seems that our trap email addresses somehow made it to the infected machines and since then we're receiving many samples of Zafi.B," explained Oliver Auerbach, Security-Expert from Avira.
Also, the new entry of May, Sober.Gen, didn't make it to the top 10 this month. In comparison with the strong return of Zafi, Sober's comeback was very pale.
A large-scale web attack was discovered by Avira in June: more than 11,000 websites were infected by means of only a few lines of code injected into the site's main HTML page. Investigating this fraud, Avira's security experts found that the injected code was an IFRAME that made the browser load another site that could host the exploit code; the exploit then downloads a trojan in order to compromise users' machines.
More than 11,000 websites were hacked, and approximately 10% of unique visitors (115,114) got infected on 19 June. Avira detects the exploit code with its heuristic module AHeAD as HEUR/Exploit.HTML and recommends using an alternative browser instead of IE, installing security patches, and blocking the following IP address, which was identified as hosting several malicious files: 64.38.33.13.
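For site owners checking their own pages for this kind of injection, the following is an added example (not Avira's code or detection logic) that flags IFRAMEs which are invisible and load from another host, or which point at the address named above. The sample page and its hosts are constructed placeholders, and the hidden-frame heuristics are assumptions, since the article does not show the injected lines.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# The one address the article recommends blocking.
BLOCKED_HOSTS = {"64.38.33.13"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    # True for width/height values of 0 or 1 pixel ("0", "1", "1px").
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or HIDDEN_STYLE.search(a.get("style", "")))
        reasons = []
        if host and host != self.page_host:
            reasons.append("external-host")
        if host in BLOCKED_HOSTS:
            reasons.append("blocked-host")
        if hidden:
            reasons.append("hidden")
        # Report frames on the blocklist, or invisible frames leaving the site.
        if "blocked-host" in reasons or {"external-host", "hidden"} <= set(reasons):
            self.findings.append((src, reasons))

def audit(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hosts other than the blocked IP are placeholders.
SAMPLE = """<html><body><h1>Shop</h1>
<iframe src="http://shop.example.com/banner.html" width="468" height="60"></iframe>
<iframe src="http://203.0.113.5/x" width=0 height=0></iframe>
<iframe src="http://64.38.33.13/" width="300" height="200"></iframe>
</body></html>"""
print(audit(SAMPLE, "shop.example.com"))
```

A visible same-site frame is ignored, so the check can run over every page of a site and a new finding means the HTML changed in a way worth reviewing.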
Unfortunately, our dreadful predictions from last month came true: a new type of malware was released in the wild by spammers, a new type of stock spam. On 20 June, Avira warned against this new type of spam, which claimed to be an online edition of the magazine “German Stock Insider” and was sent in PDF format. What makes this new threat unique is that no filter in the world was expecting a PDF document to be spam.
Stock spam is the type of spam that promotes a company’s stock, passing it off as a “hot” stock tip. It usually takes the form of friendly “advice” on the prospects of a targeted company. The aim is not to make the user buy a product or service but to influence the price of the stock.
Avira's spam experts expect this new practice to be used more frequently in the coming period: since the first stock spam appeared, already 5% of all spam is sent as PDF.
Avira advises all users to avoid buying any stocks that are advertised by spam.
Here is a shot of our June Virus Top 10:
For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.
Make sure you update your Avira product on a regular basis in order to detect the latest threats.
As for the second part of our malware report, the phishing hierarchy, PayPal regained its first position after PosteItaliane disappeared from our charts.
PayPal phishing attacks represent more than 50% of all the phishing attacks identified in June. What is worth mentioning is the massive fluctuation: from 13.85% in May to 56.94% in June (an increase of 43.09 percentage points).
Also, the third position is occupied by Amazon, which came back after a few months of absence.
The new phishing emails trapped by Avira in June were: banca a distance, Banamex, Bank of Castle, Bank of Ireland, Bank of Oklahoma, BECU, Capital One, Citibank, CB&T, Commonwealth Bank, Banca Intesa, Postbank, élan credit card services, Fairwinds, First Interstate Bank, First National Bank Alaska, First National Bank of Pennsylvania, First National Bank Omaha, gcard, Nab, Netspend and sbbt.
Avira strongly recommends that all users be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying, and update their security product on a regular basis.
For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html
Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to us and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://www.avira.com/en/support/submit_suspicious_files.html