May could be described as a quiet month with respect to malicious code attacks. This apparent calm however can be deceiving, as it corresponds to the new objectives of malware creators: earning money. The type of epidemics which were commonplace until recently do not serve this purpose, and so cyber-crooks are concentrating their efforts on the creation of malware more suitable for this purpose, such as Trojans or bots, which they try to insert surreptitiously on computers without the knowledge of users or security companies. In this way, they can operate maliciously in systems for long periods of time.
In any event, there are still thousands of both new and old malicious codes in circulation, causing problems every day for users around the world. For the eleventh month running, Sdbot.ftp was the malware specimen most frequently detected by the free online antivirus solution Panda ActiveScan. This is a script used by the Sdbot family of worms to download themselves onto computers via FTP.
In second place in the ranking was LowZones.RI, a Trojan that modifies and reduces the system security settings. Jupillites.G, a recently created Trojan allowing remote attacks on infected computers, was in third place.
Fourth place in the Top Ten was occupied by Netsky.P, a worm that was detected for the first time in March 2004, and continues to appear in the ranking of the most frequently detected viruses. Next came Exploit/Metafile the detection of vulnerability in the processing of WMF files in Windows, which is still attracting the attention of malware creators.
Downloader.ITE, a Trojan designed to download other malware, occupied sixth place in the ranking. Parite.B, Tearec.A, and the Trojans Lowzones.SE and Downloader.HYS completed last month's ranking.
Malware % frequency
The most significant conclusion that can be drawn from the Top Ten in May is that Trojans are becoming the most widespread malicious code. In fact 50 percent of malicious code in the list were Trojans, while worms, widespread until very recently, only accounted for 30 percent.
Moreover, it is once again evident that there are numerous computers that still do not have anti-malware installed and that also have vulnerabilities which were resolved by developers some time ago. This is confirmed by the presence of Netsky.P which spreads and automatically infects computers using a vulnerability in Internet Explorer for which a patch was published more than three years ago. An infected computer is a source of infection for other victims and is easy prey for hackers that launch attacks through these computers.
For more information about these and other malicious code, visit Panda
Software's Virus Encyclopedia