Head of BitDefender Antivirus Lab, Sorin Dudea, says in tenth position the security teams found a "silent" trojan that gets injected in vulnerable, legitimate websites.
“It is solely used to make visitors' browsers load exploit code, such as those detected by BitDefender as Exploit.SWF.Gen and Trojan.Exploit.ANPW – which sit in sixth and fifth place respectively.
According to Dudea, Trojan.Peed.Gen (aka the venerable Storm Worm) racked up 1.81% of detections for April, but “this time around as a dropped component for some other threat. A sign maybe that while it's still useful, it has outlived its effectiveness as an infector and is now used only for the control functionality it provides to an attacker.”
Dudea reports that a newcomer occupies eighth spot - Trojan.KillAV.PT – which he says is a bit of "utility" malware, which kills any antivirus or security process it can find on the targeted machine, “prevents the processes from running ever again, then decrypts and executes a downloader, which in turn downloads and installs a game password stealer.”
According to Dudea, seventh position on the top 10 list was occupied by Win32.Sality, which he describes as the “only true virus in the April Top Ten, a polymorphic file infector which modifies executable files (.exe and .scr) appending its encrypted body at the end of files in a newly created section.”
CONTINUED page 2