Trojans continue to dominate threat detections as Conficker takes top spot

News by Dan Raywood

Trojan downloaders continue to dominate malware statistics, with exploitation of the autorun.inf and Delphi functions continuing.

ESET statistics show that in August, the Conficker worm was the most widespread threat globally with a share of 8.56 per cent. However, it registered a slight decrease of two per cent on average compared with July statistics, while on a country-by-country level this was even more pronounced.

However, it found that a mixture of threats claimed a stronger global position, predominantly online gaming Trojans and exploitations of the autorun.inf function, the second and third most detected threats respectively.

Statistics from Sunbelt Software's SunbeltLabs reported that the password-stealing Trojan threat Trojan-Spy.Win32.Zbot.gen maintained the top spot on the list, but its prevalence increased by 53.7 per cent month over month to 7.67 per cent of overall Sunbelt detections from 4.99 per cent in July.

The second most detected was Trojan.Win32.Generic!BT, a downloader associated with rogue security programs, which did not appear on the list in July yet was the second highest threat with 7.57 per cent of detections.

SunbeltLabs also found that the Win32.induc virus, which was highly publicised in August for propagating itself through Delphi development applications, did not make the list.

Michael St. Neitzel, Sunbelt Software vice president of threat research and technologies, said: “The fact that Zbot is the top detection for the last two months isn't surprising. It's a very versatile piece of malcode that injects code from a remote site to steal information from its victims, including cached passwords, login credentials for websites (chiefly banks) as well as data in certificates and cookies. It has some backdoor functionality and may record keystrokes.

“We first noticed an increased distribution of it in the middle of May when it was distributed through a number of spam campaigns. In one case, the spam email purported to be an airline e-ticket and in others it arrived as either an attachment that claimed to be from United Parcel or an alleged e-payment notification of an order with We have documented more than 2,700 files related to Trojan-Spy.Win32.Zbot.gen since it was first detected.”

Kaspersky Lab's statistics found that Net-Worm.Win32.Kido.ih and Virus.Win32.Sality.aa are still its top-rated threats, but it has also detected that Virus.Win32.Induc.a, which makes use of the Delphi two-stage method for creating executable files, is prevalent.

It also claimed that more than half the entries in August's second Top Twenty are new examples of cybercriminals' creativity.

