Trojans remain the biggest e-threat

Peter Dinham
Thursday, 07 May 2009 09:29

Business IT - Security

“Its other means of spreading is also a new old thing - linking to an infected executable from the Autorun.INF File found on removable media or network shares, a trick that has served the much newer Downadup/Conficker well.

As for Conficker, Dudea says the worm occupies fourth place, under the Win32.Worm.Downadup.Gen and, he warns, even though its capabilities are well known by now, the fact that it is still “spreading vigorously enough to constitute 3.05% of detections by itself is something of a surprise after all this time.”

"We can only hope the high detection rate is due to the people who were previously infected finally running an antivirus.

However, I expect the reality is more along the lines of the worm being replicated by a sizeable network of infected machines."

According to BitDefender, in April two rather old adware trojans, Wimad and Clicker, occupy the third and second spots, with Trojan.AutorunINF.Gen occupying first place.

Dudea says it is not a single e-threat, but rather a generic name for trojans which use the Autorun.INF spreading mechanism, but for which a specific signature has not been added.

"We're pretty pleased with having this kind of generic, no-human-in-the- loop detection work well. The future of reliable antivirus detection depends on adapting to new e-threats in real time and such techniques pave the way forward."

Here are BitDefender’s entire top 10 e-threats for April:
       
1.    Trojan.AutorunINF.Gen    9.00
2.    Trojan.Clicker.CM    8.47
3.    Trojan.Wimad.Gen.1         5.68
4.    Win32.Worm.Downadup.Gen    3.05
5.    Trojan.Exploit.ANPW    2.84
6.    Exploit.SWF.Gen        2.40
7.    Win32.Sality.OG        2.10
8.    Trojan.KillAV.PT    1.91
9.    Dropped:Trojan.Peed.G    1.81
10.    Trojan.Exploit.SSX    1.74
     Other malware        60.99