Viruses spread via web recorded at 8.4 percent in India

By siliconindia   |   Thursday, 26 November 2009, 22:11 IST   |    3 Comments
Printer Print Email Email
Viruses spread via web recorded at 8.4 percent in India
Bangalore: In the month of October 2009, there has been a renewed surge of activity from the once notorious Magania family. In July, Trojan-GameThief.Win32.Magania.biht was among the top 20 most common malicious programs on the Internet. In October, a new version Magania.cbrt, as well as Trojan-Dropper.Win32.Agent.ayqa, which is linked to Magania, were among the 20 malicious programs most often detected on users' computers. Kapersky, a developer of internet threat management solutions that protect against all forms of malicious software including viruses, spyware, hackers and spam, presents its monthly malware statistics for October 2009. As a result, the top twenties have changed somewhat, and the figures in both ratings this month are significantly higher, due to an increased numbers of users participating in KSN. Net-Worm.Win32.Kido.ir, which made its first appearance last month, has replaced the traditional leader, Kido.ih. This demonstrates once again that infected removable media are a major source of infection. Still on the subject of removable media, Autorun.dui, which appears regularly in the ratings, has been joined by a very similar program, Autorun.awkp, which entered in 9th place. These malicious programs, as the name suggests, automatically run malware on removable devices. Packed.Win32.Black.a, Packed.Win32.Klone.bj and Trojan.Win32.Swizzor.b returned to the first top twenty this month. Moreover, Black.a has been joined by a new version Black.d. To recap, the Packed.Win32.Black family includes programs that have been packed with unlicensed versions of legitimate utilities used to protect executable files. In this particular case the packer is ASProtect, a utility often used by cybercriminals. Malicious programs that spread via removable devices were again prevalent this month, and there was noticeable gaming Trojan activity (although this is has not yet reached significant levels). The top two positions have been claimed by new variants of Gumblar, a script Trojan-Downloader program. This program caused quite a stir at the end of May and went straight to the top of the ranking in June. The technique of splitting a malicious script into several parts to hinder detection and analysis is becoming increasing popular. Around a quarter of the programs in this month's Top twenty have been designed in this way: Trojan-Downloader.JS.Zapchast.n, Trojan-Downloader.JS.Small.oj, Exploit.JS.Agent.apw, Trojan.JS.Zapchast.an, and Trojan-Downloader.JS.Agent.env. This month has been characterized by the mass infection of legitimate websites with the Trojan-Downloader program Gumblar. The splitting of malicious scripts is also a marked trend.