DataBank: ThreatStats – Phishing attacks become more targeted as the number of two-tiered viruses grows

August 14, 2006

TOP 10 VIRUSES
Position  Change in position  Name                         Percentage
1         0                   Net-Worm.Win32.Mytob.c       29.01
2         new                 Email-Worm.Win32.Nyxem.e     16.70
3         -1                  Email-Worm.Win32.LovGate.w   8.64
4         +2                  Email-Worm.Win32.NetSky.b    5.55
5         -1                  Email-Worm.Win32.LovGate.ad  4.02
6         +2                  Net-Worm.Win32.Mytob.t       2.92
7         +3                  Net-Worm.Win32.Mytob.q       2.75
8         -1                  Net-Worm.Win32.Mytob.u       2.07
9         +9                  Net-Worm.Win32.Mytob.x       1.92
10        -1                  Net-Worm.Win32.Mytob.a       1.86

Many contemporary worms reach their peak months after they first appear, and this could be the case with Nyxem.e, which we first saw back in January. Similarly, this month there have been alerts for viruses such as Bagle.fy, which haven't made the top 20, but may yet return in far greater numbers in the coming months. Nyxem.e caused quite a stir when it was first detected, but thankfully the much-hyped February 3 threat never materialised. However, while there is no need to panic about its return, we do recommend that organisations ensure security policies are tight, anti-virus protection is up to date and all executable files are blocked at the gateway. The unexpected revival of Nyxem.e is one of a number of unusual events witnessed during June. The dramatic fall of longtime leaders Netsky.q and Netsky.t is another.

Source: Kaspersky Lab

PHISHING - ATTACKS BECOME MORE FOCUSED

Looking at the trend over the first half of 2006, despite a recent marginal decline, attacks continue to become more focused as criminals switch their attention from creating malware to phishing.

Source: MessageLabs.

TROJANS - THE TWO-TIER THREAT
Virus                  Date virus threat level raised (GMT)  First anti-virus signature available (GMT)  Outbreak filter lead time
Troj/Cimuz-AM          01/06/2006 20:42                      02/06/06 00:42                              4:00 hrs
Rechnung-Ebay.pdf.zip  07/06/2006 18:51                      08/06/2006 06:06                            11.18 hrs
FeebsDI-Q              08/06/2006 20:28                      09/06/2006 18:27                            21:59 hrs
Troj/Stinx-W           15/06/2006 23:24                      16/06/2006 10:36                            11:12 hrs
W32/Bagle-KF           16/06/2006 17:04                      16/06/2006 18:38                            1:34 hrs
X97_EMBED.AN           16/06/2006 17:32                      16/06/2006 17:52                            0:20 hrs
W32/Sixem-A            19/06/2006 13:50                      19/06/2006 21:12                            7:22 hrs
Feebs.AG               21/06/2006 04:25                      22/06/2006 22:12                            41:48 hrs

Trends show that viruses are two-tiered. The first layer compromises the
security of a PC enough to allow second-layer trojans to then fully
exploit the machine to steal data and set it up for botnet activity.
Source: IronPort.

TOP 10 HOAX THREATS
Position  Name                         Percentage
1         Hotmail hoax                 12.5%
2         Olympic torch                9.7%
3         Justice for Jamie            5.7%
4         Bonsai kitten                4.9%
5         Meninas da Playboy           3.6%
6         Budweiser frogs screensaver  3.0%
7         Bill Gates fortune           2.7%
8         MSN is closing down          2.4%
9=        A virtual card for you       1.7%
9=        Mobile phone hoax            1.7%
          Others                       52.1%

This month, the Hotmail hoax, which warns recipients that their Hotmail
account will be closed if they don't forward the rogue message, has
taken the top spot from the Olympic Torch hoax.
Source: Sophos.

MALWARE - INFECTION TREND STARTS TO SLIP

Trojans and exploits made up 22 per cent of all infections, while viruses and worms only accounted for one in ten infected PCs.

Source: Trend Micro

GRAYWARE - INFECTIONS REMAIN STEADY

Nearly a third of all greyware infections (28 per cent) were adware. Trackware made up 10 per cent, while browser helpers accounted for 13 per cent. Browser hijackers recorded a paltry one per cent of greyware.

Source: Trend Micro

ZERO-DAY ATTACKS

Naninf dominates chart

The zero-day malware chart is dominated by just two viruses, Backdoor.Naninf.E and Trojan-Downloader.Win32.Vidlo.ae, which between them accounted for 90 per cent of all new malware in June.

Source: Blackspider

ZOMBIES - IMAGE-BASED SPAM ON THE RISE

With image-based spam now comprising up to 15 per cent of all spam mail, new zombie numbers continued their upward trend, rising another 3 per cent in June. China once again accounted for most of the increase.

Source: CipherTrust

Total zombies for June 2006: 7,796,846

The total number of zombies is up 2.9 per cent from May.

Source: CipherTrust

TOP 10 SPYWARE THREATS

Our July Top 10 Spyware Threats shows the severe threats reported between 1 and 27 June. The percentage is based on the number of times each threat was found divided by the number of scans run. These threats are classified moderate to severe, based on the method of installation, among other criteria. The majority of these threats propagate through stealth installations or social engineering.

Source: Sunbelt Software

    THREAT NAME                        DESCRIPTION                                       PERCENTAGE
1   DesktopScam                        A trojan that is downloaded with rogue security   3.32
                                       applications in order to frighten the affected
                                       user into purchasing the rogue program.
2   Zlob.Media-Codec                   A trojan that installs rogue security software    1.19
                                       on the infected machine without notice and
                                       consent.
3   Looking-For.Home Search Assistant  Home Search Assistant is an IE browser helper     0.98
                                       object that changes the user's home page and
                                       modifies search results. It also spawns pop-ups.
4   Virtumonde                         An adware program that displays pop-up            0.95
                                       advertisements on the desktop and also downloads
                                       other software from various remote servers.
5   SpywareQuake                       A purported anti-spyware application that scans   0.86
                                       for and removes spyware from users' computers.
6   180solutions.SearchAssistant       Logs the web pages visited and uploads the data   0.80
                                       to its servers.
7   Command Service                    An adware application that opens pop-ups and      0.78
                                       displays advertising on the user's desktop while
                                       browsing web pages. It is installed by a number
                                       of drive-by downloaders, including IE-Plugin.
8   FullContext.EQAdvice               An advertising program that displays ads and      0.70
                                       allows the installation of other adware.
9   DollarRevenue                      An adware program that spawns pop-up advertising  0.69
                                       on the desktop and downloads other adware.
10  Zango.SearchAssistant              Opens new browser windows showing websites based  0.68
                                       on the previous websites visited.
