Top Ten viruses most frequently detected by Panda ActiveScan in February 06

For the ninth month running, Sdbot.ftp was the malware most frequently detected by the free, online antivirus Panda ActiveScan (www.activescan.com) in the computers of users around the world. Similarly, there has been a significant number of defections of Netsky.P, one of the oldest examples of malware in the ranking. Among the rest of the threats detected, the third place occupied by Metafile confirms how the vulnerability in the processing of WMF files is being actively exploited. Meanwhile, Tearec.A remains in fourth place, after the commotion caused last month by its activation on the third of every month.

During February, Sdbot.ftp was responsible for 2.48 percent of infections. Then came the veteran Netsky.P (1.28%), followed by other more recent threats such as Metafile (1.24%), Tearec.A (0.95%), Sober.AH (0.85%) or Bagle.GS (0.84%). Finally, with less significant frequency rates, came Qhost.gen, Gaobot.gen; Alcan.A and Parite.B.

Malware ----------------------- % frequency
W32/Sdbot.ftp ------------------ 2.48
W32/Netsky.P.worm ------------- 1.28
Exploit/Metafile ------------------ 1.24
W32/Tearec.A.worm!CME -------- 24 0.95
W32/Sober.AH.worm!CME -------- 681 0.85
W32/Bagle.GS.worm!CME -------- 328 0.84
Trj/Qhost.gen ------------------- 0.67
W32/Gaobot.gen.worm ---------- 0.65
W32/Alcan.A.worm -------------- 0.61
W32/Parite.B -------------------- 0.56

The continuing rising trend of worms is of particular significance in this month’s Top Ten. While in December, six out of ten of the threats most frequently detected by Panda ActiveScan were worms, this rose in January to seven and now in February eight out of ten. The clearest example of the success of worms is Tearec.A (CME-24), also known as Kamasutra, which spread widely using, as is common with this type of threat, social engineering techniques, in this case the lure of e-mails with erotic content.

And once again social engineering is the main factor behind the persistence of Sober.AH, a worm that caused an Orange Alert status at the end of November, and comes in the guise of, among other things, a warning from the FBI.

Another code that stands out is Metafile, an exploit or code written especially to take advantage of a security hole in GDI32.DLL -used by programs such as Windows Picture and Fax Viewer-, affecting the following Windows platforms: 98, Millennium Edition (ME), 2000, XP and Server 2003. This confirms that malware creators are taking advantage of the latest vulnerabilities -in this case one affecting processing of WMF files- in order to spread their creations.

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, at: www.pandasoftware.com/activescanand SpyXposer, the free spyware detection tool, also available online at: http://www.pandasoftware.com/products/spyxposer/com/spyxposer_principal.htm. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.