Tuesday, September 12, 2006

August Virus Top 10

Two months in a row for Bagz.D.3 as the number one threat

Avira today reveals its monthly malware ranking, counting down the ten worst menaces encountered in August. Netsky.P is once again the second threat, after Bagz.D.3 took pole position in the July Virus Top 10. This month, the most prevalent malware family is Mytob, with 4 members in the monthly ranking, whereas Netsky versions are becoming fewer and fewer.

The first two positions of the August Top 10 are the same as last month, and the last two positions are occupied by new contenders: KillAV.GR and Mytob.AT. The worm KillAV.GR, discovered on 19 January 2006, uses emails and local networks to spread. Previously detected as TR/KillAV.GR, this virus disables security applications and uses its own email engine in order to spread.

Another member of the Bagz family, Worm/Bagz.C.2, had a considerable increase of 3.7%, reaching the fourth position in August after being the eighth threat in July.

The pests Netsky.AA and Mytob.AD disappeared from the malware chart, and Worm/Mytob.IN.2 occupies the same position as in July, but accounts for 1.7 % of identified samples.

On 13 August new worm variants Worm/IRCBot.9374 and Worm/IRCBot.9609 that make use of the "MS06-040" vulnerability were discovered by Avira virus analysts.

Furthermore, we received a Trojan which was spammed out and claimed to be an eBay invoice. "TR/Dldr.EbayBill.D" was discovered on 15 August 2006; we see such eBay Trojans almost weekly. The email text announces high invoice amounts in order to induce the reader to open the attached file. A similar Trojan targeting Telekom was discovered just two weeks later.

A mass mailer that makes use of an older vulnerability was detected on 29 August and is called "Worm/Womble.A". When someone executes the attached file, it installs the worm in the system directory and starts its mailing routine. This worm can send out not only binary copies of itself but also WMF image files. If the system does not have the corresponding security patch (MS06-001), an email program might activate the malicious code without any further user interaction.

While 6.92 % of all malware trapped in August were represented by viruses and 20.26 % were phishing attacks, the majority (72.82 %) of threats discovered this month were spam emails.

Here is a snapshot of our August Virus Top 10:

1. Worm/Bagz.D.3 31.7%
2. Worm/NetSky.P 26.7%
3. Worm/Mytob.NT 6.4%
4. Worm/Bagz.C.2 5.2%
5. Worm/Mytob.U 2.0%
6. Worm/Mytob.IN.2 1.7%
7. Worm/Netsky.Z 1.5%
8. Worm/Netsky.D.Dam 1.4%
9. Worm/KillAV.GR 1.1%
10. Worm/Mytob.AT 1.0%

Others 22.6%

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats. Make sure you update your Avira product on a regular basis in order to detect the latest threats.

As for the monthly ranking of phishing scams, the situation on the phishing front stays pretty much the same as in July.

PayPal 29.87%
eBay 20.44%
Volksbank 17.45%
NAFCU 3.95%
Bank of America 3.50%
New phishing-emails 0.96%
Others 23.83%

After we counted the 100th PayPal phishing description, which was published on our website in July, the number of PayPal phishing attacks dropped in August, with 23.78 % fewer than the attacks discovered last month.

Once again we noticed a lot of new phishing targets such as: Warren Federal Credit Union, La Capitol Federal Credit Union, Heritage Family Credit Union, Central Florida Educators Federal Credit Union, Star Systems, Federal Deposit Insurance Corporation, Educational Community Credit Union, Hudson Valley Federal Credit Union, DuPage Credit Union, Cascade Bank, Gesa Credit Union, America's Credit Union, Bank of Scotland, Golden 1 Credit Union, Santander, Air Academy Federal Credit Union and Listerhill Credit Union.

Avira strongly recommends that all users be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying, and update their security product on a regular basis.

If you want to know more about these forms of cyber crime, please see or search for detailed descriptions on our website.

For more information on how to recognize a phishing fraud, take your time to read our dedicated page.

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file.

About Avira

Avira is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than twenty years of experience, the company is one of the pioneers in this field.

The security expert has several locations in Germany and partnerships in Europe, Asia and America. At its headquarters in Tettnang near Lake Constance, Avira is one of the region’s largest employers with more than 180 employees. Worldwide more than 250 persons are employed and their work regularly wins awards. Avira AntiVir Personal, used by millions of private users, represents a significant contribution to security.

Avira’s national and international customers include renowned corporations listed on the stock exchange but also educational institutions and public authorities. In addition to protection of the virtual environment, Avira also provides for more protection and security in the real world by supporting the Auerbach Foundation. Established by the founder of the company, the Auerbach Foundation promotes charitable and social projects as well as the arts, culture and science.

Company Contact:
Adela Kohl/Gernot Hacker
Lindauer Str. 21
D-88069 Tettnang
Telephone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Email: press@avira.com

Press contact:
Jacklin Montag
Tel.: +49 (0) 89-17 30 19 19
Email: antivir@lewispr.com  
