Security News

October Virus Top 10

Fri, 10 November 2006

The Invasion

Tettnang, 10 October 2006 - One of the leading providers of IT-security software products, Avira, reveals today the malware ranking for October. As anticipated by the previous Virus Top, the "storm" began - the representatives of Stration family were aggressively spammed out. The result: half of the October Virus Top 10 is occupied by Stration variants.

After three months of having an almost identical virus top, with Worm/Bagz.D.3 in pole-position, the new number-one threat is TR/Dldr.Stration.C, a trojan discovered on 19 October 2006. Using social engineering tricks in order to induce users to download the infected attachment with the already known “Worm/Stration.C”, this new menace poses as a security patch from Microsoft. The virus writers prepared very carefully their attack as the file names of the attachments are very much alike the typical Microsoft patch programs like for instance: "Update-KB%Nummer%-x86.exe" or "Update-KB%Nummer%-x86.zip". Avira's heuristic proactively detected 36 different variants of the Trojan and developed two generic detections - Worm/Stration.Gen and TR/Dldr.Stration.Gen, in order to combat new variants of Stration.

In the last two weeks of October, dozens of Stration versions were discovered. Until now, the Stration outbreak proved to be the most virulent attack of the year 2006.
One year ago, what a strange coincidence, another malware family, the Sobers, was starting to expand their family business. If on the 6th of October 2005 Avira detected a significant Sober seeding, in November we confronted with the biggest malware outbreak in 2005 – the massive attack of Sober.Y. After being the worst threat for many months in a row, the pest disappeared completely from the malware front. The timely disclosure of its actions and the large media coverage prevented Sober.Y from properly fulfilling a more disastrous payload. Similarity or not, the proportion of the infections with Stration variants grew up vertiginously. Within a few hours after the outbreak, our special malware traps, already contained more than 4000 copies of the Trojan.

Therefore, in order to protect users from an outrageous attack, Avira recommends scanning all the emails before opening and open only email attachments that are expected and that come from a trusted source.

Netsky.P has been one of the most widespread worms of the past years. It has led our malware ratings many times and this month made up 12.90 % of all threats, being the second threat, among the fives variants of Stration family. The newcomers of this month, TR/Dldr.Stration.D, Worm/Stration.Gen, TR/Dldr.Stration.C.6, TR/Dldr.Stration.Gen, along with their brother in arms - Stration.C, count 47.83 % of all the threats discovered in October.

The leader for the past three months, Worm/Bagz.D.3, dropped directly to the 8th position, reducing its presence with 29.43 % of all samples detected.

In October 5.09 % of all malware trapped by our special observation networks were represented by viruses and 16.94 % were phishing attacks. Spam emails made up 77.97 % of all samples intercepted in mail traffic.

Here is a shot of our October Virus Top 10:

TR/Dldr.Stration.C	16.29 %
Worm/NetSky.P	12.90 %
TR/Dldr.Stration.D	11.38 %
Worm/Stration.Gen	11.37 %
TR/Dldr.Stration.C.6	4.89 %
TR/Dldr.Stration.Gen	3.90 %
Worm/Womble.D	2.22 %
Worm/Bagz.D.3	1.13 %
Worm/Netsky.Z	1.07 %
Worm/Mytob.NT	0.95 %
Others	34.85 %

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.

Make sure you update your Avira product on a regular basis in order to detect the latest threats.

The second part of our monthly malware analysis – the phishing hierarchy for October is almost the same as it was in the last months. PayPal and Ebay are fighting for the first position, being only 2.04 % between them. Amazon reappeared in the top 5 with 2.81 % of all phishing attacks.

If you want to know more about these forms of cyber crime, please see or search for detailed descriptions on our website: http//www.avira.com/en/threats/index.html

PayPal	35.19 %
Ebay	33.15 %
Volksbank	3.89 %
Bank of America	3.73 %
Amazon	2.81 %
New phishing-emails	0.97 %
Others	20.26 %

In October the new targets of phishing attacks were: Mastercard, GE Money Bank, Del Norte Credit Union, National Australia Bank, Lincoln Federal Savings Bank, Egg Security, Banca Mediolanum, Ocha Credit Union, Banca Fideuram, KeyBank, Los Angeles Firemen's Credit Union, Alliance & Leicester, North Fork Bank, Staley Credit Union, BankWest, The Honesdale National Bank, St. George Bank, First National Bank of Greencastle, Providian.

Avira strongly recommends once again all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.
For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://original.avira.com/en/pages/How_to_submit_malware.html

Other news from this category	Archive

Avira warns online gamers: be careful with add-ons and automatic game updates	Wed, 30 July 2008
A backdoor in an alleged Customs declaration	Fri, 25 July 2008
"Storm Worm" announces a monetary reform in North America	Tue, 22 July 2008
Harmful PDF files have no chance with Avira	Mon, 21 July 2008
Trojan advertises help but is really malware	Wed, 16 July 2008