Computer Crime Research Center


Top 10 viruses, computer crimes, spyware

Date: January 02, 2006

Panda Software presents the ranking of the viruses and spyware most frequently detected by the Panda ActiveScan online security solution in 2005.

In first place for the top malware ranking is Sdbot.ftp, which has held this ranking for the last six months. This generic detection of the variants of the Sdbot worm, downloaded via FTP, was responsible for 3.7 percent of infections. In second place comes the tenacious veteran Netsky.P. Since this worm first appeared in 2004, it has stubbornly refused to leave the monthly list of most frequently detected viruses. Ironically, this worm exploits a vulnerability in Internet Explorer which was detected and resolved some years ago.

Third place is held by QHost.gen, a Trojan that prevents access to several web pages that are mainly related to IT security. Then comes Gaobot.gen, a generic detection for worms from the Gaobot family that exploit several software vulnerabilities.

The Trojans -- Citifraud.A, designed to defraud users through a phishing attack, and Zapchast.D -- hold the fifth and sixth places in the ranking. Then come three more veterans: Parite.B, Netsky.D and Sasser.ftp -- the latter being a generic detection for the script created by worms from this extensive family in order to download themselves via FTP. Finally, the Trojan, Psyme.C, completes the list.

The following conclusions can be drawn from the Top Ten ranking of viruses

most frequently detected by Panda ActiveScan in 2005:

A) Balance between Trojans and worms. Whereas in previous years computer worms were more prominent in the ranking of frequently detected viruses, 2005 has witnessed a more even balance. This tendency has also been seen from month to month.

B) Botnets and financial fraud as growing threats. With Sdbot (a typical example of a bot) in first place and the presence of malicious code such as Citifraud.A, designed to carry out phishing attacks, in the ranking, it is clear that there has been a change of motivation for the creators of malicious code -- they now seek financial returns above all else.

C) Poorly protected computers, a persistent threat. The continued presence of veteran malicious code such as Parite.B and Sasser, or those like Netsky.P, that exploit software vulnerabilities (which have long ago been resolved) reveals just how many computers are still poorly protected. This creates a favorable environment for virus creators to spread new malicious code.

With respect to spyware, the most frequently detected in 2005 are, Cydoor, Betterlnet and Altnet.

Rank Spyware Malware

1 W32/Sdbot.ftp
2 Cydoor W32/Netsky.P.worm
3 BetterInet Trj/Qhost.gen
4 Altnet W32/Gaobot.gen.worm
5 Petro-Line Trj/Citifraud.A
6 MarketScore Trj/Zapchast.D
7 Virtumonde W32/Parite.B
8 Media-motor W32/Netsky.D.worm
9 Aveo-Attune W32/Sasser.ftp
10 Aureate-Radiate VBS/Psyme.C
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo