Report By VirusBuster: Computer Viruses In October

Some names have changed in VirusBuster's regular monthly virus toplist, but the lesson has basically remained the same. Just as in the previous month, October's data on malicious programs is dominated by trojans associated with fake antivirus applications.

The Hungary-based specialist of IT security continuously monitors virus occurrence and activity. Data from VirusBuster's mail protection systems -- in-house and externally deployed alike -- is collected, and Freemail, a major Hungarian free webmail service is also monitored for malicious load. VirusBuster uses all these sources to generate monthly statistics of the most frequent infections. These monthly virus toplists are published on the company's website as well (http://www.virusbuster.hu/en/viruslab/virus-toplist).

October's list (see below) is led by three trojans, Trojan.DL.FraudLoad.PIL, Trojan.Vilsel.GR and Trojan.Vilsel.DT-t. The trio was responsible for nearly 89% of the infections of the month. Trojans got their name from the legendary wooden horse built by the Greeks to defeat Troy: They pretend to serve users, but in fact they are designed to cheat their victims, explains Dániel Székely, the head of VirusBuster's product management group.

This month's toplist leaders set off (fake) alarm bells warning the victim of a virus infection, and then download a rogue antivirus application, i.e. a program which promises to clean the machine, but which in reality either does nothing (the better option), or starts some malicious activity. Whichever the case, the user is charged -- normally around $50 -- for such a download, so trojans are, in fact, tools for fraud. They mostly come in e-mail attachments. Spammers disguise them as some useful file, such as an order confirmation. But beware! Opening the attachment launches the infection mechanism.

Going further down the toplist, Backdoor.VanBot.BBW, Backdoor.VanBot.BBX, Backdoor.IRCBot.AAWX and Worm.SdBot.GAP may also look familiar. They belong to the family of "botnet" (=robot network) malware, i.e. they organize PCs into networks controlled by cybercriminals. Botnets may have tens of thousands of machines and may spread over many countries. As users normally don't realize that their PCs have become a tool in hackers' hands, machines with such a hidden agenda are called "zombies". Users should take steps to get rid of such malware, since, unknowingly, they may become accomplices in the cybercriminals' activities.

Last but not least, we should take note of I-Worm.Netsky.Q, which, though it has hardly more than 0.5% share, has been a persistent participant in VirusBuster's toplists ever since it showed up back in 2004. This worm spreads in e-mail and on network shares, and sends itself to e-mail addresses found on the infected machine.

VirusBuster's malware toplist for October 2009:

Malware Share (%)
Trojan.DL.FraudLoad.PIL 47.04%
Trojan.Vilsel.GR 36.55%
Trojan.Vilsel.DT 4.93%
Backdoor.VanBot.BBW 2.08%
Backdoor.VanBot.BBX 1.50%
Backdoor.IRCBot.AAWX 0.96%
Worm.SdBot.GAP 0.86%
Trojan.Delf.DRJU 0.59%
I-Worm.Netsky.Q 0.53%
Worm.Rbot.AFAE 0.41%
Other: 4.54%

About VirusBuster Ltd.

With its over 15 years of experience, VirusBuster Ltd. (www.virusbuster.hu) has international reputation in the field of IT security. Based in Budapest, Hungary, the company delivers full-fledged anti-virus and other security solutions on all major platforms to its customers on five continents. Virusbuster’s software has been recognized with numerous prizes and certificates from many independent testing organizations. Its flagship product, VirusBuster Professional, has won several “Virus Bulletin 100%” awards, “Checkmark Anti-Virus Level One” and “CheckVir” certifications. It received the “Desktop/Server Anti-Virus Detection” certification, and, in 2007 and 2008, the “Desktop/Server Anti-Virus Cleaning” certification from ICSA Labs.

The company also attained OESISOK certification in 2008, which proves that its applications are fully interoperable with the network devices of market-leading technology vendors, such as Cisco, Juniper, NORTEL, 3Com and F5, and they are compatible with network protection (endpoint health validator) systems, including NAP, NAC and TNC.

VirusBuster’s experts have gained worldwide recognition, and are regular presenters at international conferences. CEO Julianna Bozsó received the “The IT Director of 2008 award” from the Hungarian Association of IT Companies (IVSZ).

The company was awarded the “Innovative business solution” prize in 2003, and was named as an “IT Hopeful” in 2004. It won two “Distinguished Software Exporter” titles from IVSZ. VirusBuster has been certified as meeting the ISO 9001:2001 quality assurance standard since 2005."

Source: VirusBuster.hu