GFI Labs finds that Trojan attacks remain rampant
GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today announced the top 10 most prevalent malware threats for the month of August 2010. The report, compiled from monthly scans performed by GFI's award-winning anti-malware solution, VIPRE® Antivirus, and its antispyware tool, CounterSpy®, is a service of GFI Labs™.
GFI VIPRE ThreatNet™ statistics for the month of August show that GFI customers were under attack throughout the month primarily by the same Trojan horse programs that have persisted for several months. In fact, the top four threats were unchanged in order from the month of July. Trojans detected as Trojan.Win32.Generic!BT were still the chief detection, slightly down to 25.11 percent of total detections. This particular Trojan detection has been in the top spot for some time: in July with 29.08 percent and in June with 27.16 percent of the total detections.
The number two detection, Trojan-Spy.Win32.Zbot.gen is a detection of password-stealing Trojans with many versions. The third largest detection, Trojan.Win32.Generic.pak!cobra, is a generic detection for a variety of malware that can infect 32- and 64-bit Windows installations.
“Detections of this malicious code indicate that botnet operators continue to try to infect machines and use them in their spamming networks,” said Francis Montesino, manager of the malware processing team, GFI Labs. “Our ThreatNet detections for the month also agree with other reports we’ve heard in the last few weeks that have found a high level of traffic in rogue security products. These are often referred to as scareware. We’re seeing a multitude of detections of the downloaders and installers that are associated with the rogues.
Montesino continued, “Our research group is analyzing new rogues too, but what we’re seeing through ThreatNet indicates that VIPRE is preventing these rogue downloads.”
The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, GFI’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by GFI Labs. The majority of these threats propagate through stealth installations or social engineering.
The top 10 most prevalent malware threats for the month of August are:
- Trojan.Win32.Generic!BT - 25.11%
- Trojan-Spy.Win32.Zbot.gen - 4.23%
- Trojan.Win32.Generic.pak!cobra - 3.61%
- INF.Autorun (v) - 3.27%
- Trojan.Win32.Generic!SB.0 - 2.01%
- BehavesLike.Win32.Malware (v) - 1.04%
- Worm.Win32.Downad.Gen (v) - 0.96%
- Trojan.Win32.Malware.a - 0.93%
- Trojan.Win32.Meredrop - 0.92%
- Exploit.PDF-JS.Gen (v) - 0.84%
About GFI Labs
GFI Labs, formerly known as SunbeltLabs, specializes in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.
About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.