Press releases

ESET’s ThreatSense.net Early Warning System results - August, 2006

Phishing Attacks Remain High

HTML/Phishing.gen was the top threat during August. According to ESET, which created the ThreatSense.Net® reporting system, Phishing.gen led the top 10 ranking and constituted more than 5% of all threats.

 

August, 2006 Shows Increase in Phishing

During the month of August, close to 5.22% of all detections were of Phishing.gen threats. Phishing is a form of criminal activity that uses social engineering techniques, relying on fake emails and web sites to grab private information from users, usually by masquerading as security messages coming from a legitimate bank.


Swizzor Worm Down but Not Out

Second in the ranking for August is a Trojan, Win32/TrojanDownloader.Swizzor, which accounted for 3.21% of detections last month. Swizzor was the most detected threat during the first six months of the year and experienced a decrease during July. This Trojan can be covertly installed from certain web sites or delivered through spammed email. When the Trojan is executed, it installs several spyware tracking programs.

 

Swizzor is created using an autogeneration routine, which means that every time it is downloaded it is likely to be different. Because of this, several thousand variants of this Trojan are created every day, so proactive detection is a must when it comes to protecting users against it. ESET created a generic signature against this spyware several months ago when it was first discovered.

 

Remaining Results

In third place is a Brontok worm, which accounted for 2.96% of detections last month. Detected as Win32/Brontok.A, this threat combines worm and backdoor features, opening up infected systems to remote attackers, and, like Netsky, can use shared resources to propagate through a local area network.

 

Win32/Adware.180Solutions was number 4 in August with more than 2.13% of detections. This is adware that installs several components on the system and collects some information about its usage.

 

The 5th place on the ranking for August was held by Win32/Netsky.Q, with 2.09% of all detections. This worm, also known as Netsky.P by other vendors, can spread as an attachment to emails. It can also use peer-to-peer and network share resources to replicate itself. The Netsky family is one of the most prevalent families of malware ever to hit the wild. Still in the top ten more than a year after its initial discovery, Netsky.Q and its relatives show no sign of disappearing any time soon.

 

Below the Netsky.Q worm, the Win32/Brontok.B worm sits in 6th position. This threat was number 1 in July and showed a slight decrease in detections during August. It is a worm very similar to Brontok.A.

 


In seventh place is the Win32/VB.NEI worm, which was number 4 in June and number 6 in July, showing a slight decrease in detections. This malware, with the CME designation CME-24, and sometimes called Nyxem or Blackworm, started to spread in February 2006, reaching high infection rates and grabbing media attention (most likely because of the Kama Sutra association). On the 3rd of every month, this worm can activate a dangerous routine that deletes files from local and network drives.

 

In the last three positions are an adware program (Win32/Adware.Hotbar), a worm (Win32/Bagle.gen.zip) and a generic exploit (Win32/Exploit.WMF). Each of the three threats accounts for between 1.3% and 1.5% of all detections.

 

Conclusions

Currently, most spreading malware has different features and capabilities, and often there are several (or more!) variants of each one. Because of this, along with frequently updating your Anti-Virus solution, it is important to have proactive detection features, such as those in NOD32, to be protected against new and unknown threats that appear daily.

 

About ThreatSense.Net®

ThreatSense.Net®, which reports detection statistics from millions of client computers around the world, is believed to be the most comprehensive malware reporting system in existence.

 

From an original idea, realized in VIRUS RADAR® (http://www.virusradar.com), the reporting system has evolved into what is now ThreatSense.Net®, vastly improving the statistical data gathered. Rather than only being email based, as with VIRUS RADAR, the information from ThreatSense.Net® includes data about all types of threats seen on user systems.

 

The (anonymous) statistical information is collected from NOD32 users who enable the reporting service in the product, and it gives a more comprehensive view of the behavior and spread of malware in the real world. Currently data is collected from more than 10 million systems, and has tracked more than 10,000 different threats and malware families.

 