Using data generated by ActiveScan online scanner, PandaLabs has drawn up the ranking of the malicious codes most frequently detected in October. Several examples of malware are prominently visible.
Sdbot.ftp (the script used by the Sdbot family of worms to download themselves via FTP) once again occupied first place, continuing throughout 2006. Sdbot worms exploit vulnerabilities in Windows, such as RPC-DCOM, LSASS and such to infect computers. The fact that this code still tops the ranking indicates just how many users are still not updating their security systems.
| Virus name | % Frequency | Previous month's position |
|---|---|---|
| W32/Sdbot.ftp.worm | 2.08 | 1 = |
| Trj/Torpig.A | 1.74 | 4 (inc.) |
| Trj/Abwiz.A | 1.18 | New |
| W32/Netsky.P.worm | 0.96 | 2 (dec.) |
| W32/Puce.E.worm | 0.85 | 8 (inc.) |
| Trj/Jupillites.G | 0.80 | 3 (dec.) |
| Tr j/Mitglieder.JB | 0.79 | New |
| Trj/Ruins.A | 0.78 | New |
| Trj/Qhost.gen | 0.73 | 9 = |
| Trj/Banker.EXW | 0.68 | New |
In second place, two places higher than last month is the Torpig.A Trojan, responsible for 1.74% of infections. This Trojan, although seemingly inoffensive, is capable of carrying out attacks and intrusions. The great danger of Torpig.A is that it captures certain information entered or saved by the user, with the corresponding threat to user privacy. This includes passwords saved by certain Windows services.
The appearance of Abwiz.A in third place on the list is also concerning, as this Trojan can be used to steal passwords stored on the system. To go undetected by even the most experienced users, Abwiz.A has a built-in system for hiding itself on computers.
The veteran Netsky.P is in fourth place, which exploits Internet Explorer vulnerability to run automatically. There is another code which is creeping up in the ranking. Puce.E.worm was in the eighth position last month, has a series of characteristics that make it particularly dangerous. It prevents programs from accessing the websites of several security related companies; it redirects attempts to access certain banks' web pages to imitation pages in order to capture user login information and it re-routes connections to several web pages to another IP address.
The final five positions in the ranking are occupied by the Trojans Jupillites.G, Mitglieder.JB, Ruins.A, Qhost.gen and Banker.EXW. All of these examples of malware allow an attacker to surreptitiously enter infected computers and carry out numerous actions, most notably, using the system fraudulently for sending spam. They can also be used for other illegal and dangerous activity including launching attacks against companies and stealing confidential information by using the affected computer as a cover.
