Security News
March Virus Top 10
Thu, 31 May 2007
Mytobs - the nastiest family of the month
Avira today presents the Virus Top 10 for March, drawn from our statistical sources and our virus experts' opinions. Nothing new in the malware chart - half of the ranking is again occupied by Mytob versions, just as it was last month. March 2007 did not bring any substantial changes to the assortment of viruses found in email traffic.
Without extremely dangerous virus alerts, the first three months of 2007 were a relatively quiet period. However, this apparent calm is the effect of malware creators' drive to infect computers silently, ensuring their viral code can operate undetected for as long as possible. You'll see in this report how a Windows exploit can damage your computer without you noticing anything.
NetSky.P is still the top virus with 30.5 % and Bagle.GD is in second place in the ranking, accounting for 7.7 % of all viral activity. In the last Virus Top 10 the difference between the first position and the rest of the top ten was 17.1 %; in March this difference was 22.8 % - Netsky.P is moving forward with force. As you can see in our hierarchy, the Mytobs dominate the statistics in number of variants. The central part of our chart consists only of Mytobs. This malware family has been active since February 2005, and since its first appearance over a thousand different variants have been created. The Mytobs are mass-mailing worms that include their own SMTP engine in order to spread to other PCs after stealing addresses from an infected computer. These Mytob worms also have backdoor capabilities.
Netsky.D.Dam moved up two positions from last place to 8th place, while Womble.D dropped directly to the last position of our hierarchy. No new viruses appeared in the Virus Top 10, meaning that popular threats are spreading more than less well-known ones.
The trend of sending infected attachments by email, which started at the beginning of this year, is now a torrent. This means that the seeding of email worms which use infected attachments is fast becoming a custom for virus writers.
This month, the well-known brands of popular organizations used by hackers to mislead computer users, with the purpose of stealing money from them, were: the online shop of the catalog company Quelle, the partner search platform single.de and again 1&1. Either the author is the same for all these threats, or virus creators copy successful social engineering methods.
In the last days of March our virus researchers detected the exploit for the vulnerability in "Windows Animated Cursor Handling". The Microsoft operating systems affected by this exploit were Windows XP SP 2 and Windows Vista. After modifying the .ani file, the cyber criminals started to seed it via fake emails or modified websites. More than 44 different files were detected on over a dozen servers within the first day. But what is dreadful is the fact that this malware operates in the background, without the user's knowledge. Avira recommended temporarily deactivating the preview of emails in HTML mode.
We had expected and predicted this situation - spam, which has increased dramatically in the recent period, made up 86.62 % of all samples intercepted in mail traffic. Even if a spam email does not contain malicious payloads like viruses, it can be just as dangerous. Without an anti-spam application or email content filter, computer users are exposed to these unsolicited emails every day.
As reported by Avira's special observation networks, 4.81 % of all malware types were viruses and 8.57 % were represented by phishing attacks.
Here is a shot of our March Virus Top 10:
For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats. Make sure you update your Avira product on a regular basis in order to detect the latest threats.
No significant changes on the phishing front: Postbank was replaced by Chase Bank, which returned to the phishing ranking exactly one year after it was the number-one target of phishing authors. Besides Postbank, Volksbank also disappeared from the phishing hierarchy. The newcomer of the March phishing ranking is BB&T, a phishing attack first discovered in February 2007.
In March Avira discovered the following new targets of phishing emails that have never been seen before: Abbey, AkBank, Bancaja, CAJA MADRID, ePassporte, First Interstate Bank, German American Bancorp, Global Refund, NatWest, Nordea, Visions Federal Credit Union, Option 1 Credit Union, South Side Bank and Tesco Credit Card.
And we saved the best for last. Starting this month, Avira launched a new subdivision of its website - Phishing WorldMap.
As its name clearly states, the new, interesting and dynamic Phishing WorldMap displays an overview of the geographical spread of phishing attacks. It uses a logical color scheme (for example, the color "yellow" means that the region had a quiet period for phishing). A dropdown list allows the user to refine the time period of attacks to be displayed (Last 7 days, 30 days or 3 months). The Phishing WorldMap helps us to see the origin of email phishing in that period across continents (phishing rate) and even the number of phishing attacks at city level.
Avira strongly recommends that all users be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying, and update their security product on a regular basis.
For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html
Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://www.avira.com/en/support/submit_suspicious_files.html