"The aim of malware creators is purely financial and Trojans and spyware are the best types of malware for this purpose. That is why they are so widely distributed," explains Luis Corrons, Technical Director of PandaLabs.
Other types of malware are way behind these two. Worms, with 6 percent, were third, followed by dialers (5 percent), backdoor Trojans (4 percent) and bots (3 percent).
"Interestingly, 24 percent of infections come under the category 'Other', which includes viruses, cookies, etc. This indicates that there is an increasing variety of malware and the combined impact is considerably serious. In general, people still talk of 'viruses' when the truth is that malware is more varied than ever," confirms Corrons.
Regarding new examples of malware, 60 percent of those detected in February were Trojans. This is 11 points up on January.
"Spyware is the type of malware causing most infections. Some sub-categories such as adware, are not considered dangerous since they usually only display adverts. That is why spyware remains active on computers for longer, even though there are less new variants," adds Corrons.
Regarding February's most active malicious codes, Sdbot.ftp is in the first position once again. Sdbot.ftp is the generic script detection that certain worms exploit to download Sdbot onto a computer. This worm has been the most active malware for more than twelve months.
In second place is Bagle.HX. This worm was in the tenth position last month. Bagle.HX is from the Bagle family of worms, one of the most active last year. This variant uses rootkit features to hide its processes. It also disables some security solutions' functions. The aim of both characteristics is to make it more difficult to detect.
| Viruses | Infection percent | Previous position |
| W32/Sdbot.ftp.worm | 1.65 | 1 = |
| W32/Bagle.HX.worm | 1.39 | 10 up |
| W32/Puce.E.worm | 1.16 | 3 = |
| W32/Brontok.H.worm | 1.15 | 6 up |
| W32/Nurech.A.worm | 1.14 | New |
| Trj/Abwiz.A | 1.05 | 4 down |
| Bck/PcClient.DU | 0.88 | 5 down |
| Trj/Torpig.A | 0.86 | 2 down |
| W32/Netsky.P.worm | 0.84 | 8 down |
| Trj/Rizalof.TT | 0.84 | New |
Puce.E is in the third position, as it was last month. It is a worm that spreads through P2P networks. The fourth and fifth positions also correspond to two worms: Brontok.H and Nurech.A. Nurech.A spreads in subjects pretending to be greeting cards. It hides in an attached executable file with names like Flash Postcard.exe or Greeting Card.exe. Nurech.A is one of the few new entries in the list.
"Users think there are no dangerous threats. That is why they don't bother to update their anti-malware solutions or download security patches. This allows old malicious codes to continue infecting computers," explains Corrons.
