AVIRA Press Center - November Virus Top 10

November Virus Top 10

Mon, 18 December 2006

Stration invasion continues

Tettnang, 18 December 2006 - Avira discloses today the November Virus Top 10, drawn from our specific statistic sources and virus experts’ opinions. The malware hierarchy is again half occupied by Stration versions, just as it was last month. Even so, the proportion of Stration infections is decreasing slowly. TR/Dldr.Stration.C and Netsky.P switched places and Netsky.P became again, after four months, the leader of the Virus Top 10.

As we can notice, Stration.C reduced its proportion with 3.49 % and it seems that has reached its peak, and we predict that it will go down in the future. New variants of Stration were discovered in November: TR/Dldr. Stration.F, TR/Dldr. Stration.G and TR/Drop.Stration.E. The downloaders - Stration.F and Stration.G were discovered on 20 and 22 November. The other newcomer of November - Stration.E, discovered on 7 November, is a dropper.

The Mytobs disappeared from our November Virus Top 10. The battle for the top position between the old-timer Netsky.P and the Stration family continues this month too. One year after the massive attack of Sober.Y, another malware family - Stration is making a hard life for computer users. Let's hope that this nasty family will have the same destiny as the Sobers, which disappeared completely. Discovered on 15 November 2005, Sober.Y stopped its mailing routine in February 2006.

Avira's analysis shows that 75.70 % of emails circulating during the month of November have been classified as spam. Last month the Avira virus analysts discovered a new uncommon “Pump and Dump” wave of spam with anti-OCR techniques. The spammers worked very hard to make the messages impossible to be analyzed by the filters that use OCR (Optical Character Recognition) technologies. They no longer used the old scrambling techniques with lines and dots but a completely new approach: random colored shapes as background and text written in waves.

The samples detected as viruses represented only 5.87 % while 18.43 % of all malware trapped in November were phishing emails.

Here is a shot of our November Virus Top 10:

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.

Make sure you update your Avira product on a regular basis in order to detect the latest threats.

Worm/NetSky.P	17.8 %
TR/Dldr.Stration.C	12.8 %
TR/Dldr.Stration.F	8.2 %
TR/Dldr.Stration.G	7.8 %
TR/Dldr.Stration.C.6	6.7 %
TR/Drop.Stration.E	3.6 %
Worm/Bagz.D.3	3.3 %
Worm/Womble.D	2.6%
TR/Dldr.Stration.Gen	2.5 %
Worm/Netsky.Z	1.7 %
Others 34.7 %

November is the month of surprises. Exactly after one year, the phishing hierarchy has a new number one threat: Ebay. In November 2005 eBay counted 36.46 % of all phishing attacks and took the first position in our ranking. Since then, the first position was occupied by PayPal or Chase Bank. Slowly but surely, eBay increased its number of phishing attacks.

As we predicted in previous months, that the phishing authors will continue to improve their techniques of deceiving users and the phishing attacks will be more sophisticated, phishing became very hard to detect. During the last month, new trends of phishing emails have been noticed: plain text messages with a new structure and unobfuscated links to the fake website. The phishing emails seemed to come from Ebay and Sears Cards. Using known dedicated techniques their content can hardly be detected as phishing. The Avira security experts also have detected new types of phishing emails targeting PayPal users. Instead of containing a normal link to the phishing website where users should validate their accounts, these new emails count on people's naivety and invite the users to scan the credit/debit cards on both sides and send the scans to an email address. The collected information is used then in carding operations.

Therefore, Avira strongly recommends all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.

If you want to know more about these forms of cyber crime, please see or search for detailed descriptions on our website: http//www.avira.com/en/threats/index.html

Ebay	44.31 %
PayPal	26.93 %
Amazon	5.01 %
Chase Bank	3.10 %
Volksbank	0.52 %
New phishing-emails	17.10 %
Others

Again we noticed a lot of new phishing targets such as: Sears, Clydesdale Bank, Moneybookers, NationalCity, Greater Atlantic Bank, Crédit Mutuel, CommunityAmerica Credit Union, Numerica Credit Union, Heritage Bank, Bank of America Military Bank,
E TRADE, Credit Union West and Bank Of Bahrain And Kuwait.

For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://original.avira.com/en/pages/How_to_submit_malware.html

Other news from this category	Archive