Password Stealers and Conficker Top June Malware

According to CNET, malware surged in June:

June proved to be another hot month for malware with by a surge in attacks by a password-stealing bot and the return of old nemesis Conficker, according to a report released Tuesday by security software maker Sunbelt.  Designed to ferret out cached passwords and log-in credentials for banking sites, "Trojan-Spy.Win32.Zbot.gen" was the second-most prevalent piece of malware detected by Sunbelt last month, up from the No. 5 spot in May. The top spot, grabbing more than a quarter of all detections, was held by "Trojan.Win32.Generic!BT," a generic form of malware with hundreds of variations and sometimes associated with scareware and rogue security software, noted Sunbelt.

(Credit: Sunbelt Software)

The month also marked a return engagement of Conficker, this time in the form of a variant called Downadup. Following the...<<read more>>>



Editor's Note:  Here's Sunbelt Software's Press Release:

Sunbelt Software Announces Top 10 Malware Threats for June

SunbeltLabs detects surge in password-stealing Trojans, media player threats and the re-emergence of Conficker as users visit untrusted sites in search of World Cup video

July 06, 2010 09:45 AM Eastern Daylight Time 

CLEARWATER, Fla.--(EON: Enhanced Online News)--Sunbelt Software, a provider of security software, today announced the top 10 most prevalent malware threats for the month of June 2010. The report, compiled from monthly scans performed by Sunbelt Software's award-winning anti-malware solution, VIPRE^® Antivirus, and its antispyware tool, CounterSpy^®, is a service of SunbeltLabs™.

“Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back”

Most significant in June was a surge in detections of Trojan-Spy.Win32.Zbot.gen, a growing family of password-stealing Trojan horse programs, which moved up from fifth place in May to second in June as a result.

Also revealed by Sunbelt Software’s ThreatNet™ statistics was the re-emergence of the high-profile Conficker worm, in the form of variant Downadup. Like the original Conficker strain, Downadup spreads across a network by taking advantage of a vulnerability in Windows Server service which allows remote code execution when file sharing is enabled. This particular variant of Downadup also spreads through removable drives and takes advantage of weak administrator passwords to turn off some system services and anti-malcode protection.

New entries in the top 10 in June were:

• Packed.Win32.Tdss.q (v) (TDSS Rootkit)


• Trojan.ASF.Wimad (v) (Redirect browsers to a malware-infected web site)


• Worm.Win32.Downad.Gen (v) (A variation of the Conficker worm)

Trojan.ASF.Wimad (v) is a VIPRE detection for a group of Trojanized Windows media files which, when opened with Windows Media Player, redirect the victim’s browser to a web site to download malicious files. They have been used to download a variety of malware. The growth in these detections in the month of June is widely due to increased activity around video downloads associated with the FIFA World Cup, which began on June 11.

Trojan.Win32.Generic!BT – a generic detection for Trojans, continued to dominate the top 10 and accounted for a over a quarter (27.16%) of all detections, down a fraction on the previous month. It is a detection that includes many downloaders associated with scareware or rogue security products.

Seven of the top 10 detections found also featured in May, while six of the top 10 were Trojan horse programs, highlighting a small decrease in the number of different types of Trojans being detected in volume. However, Trojans are still highly active, as illustrated by the growth in Trojan-Spy.Win32.Zbot.gen.

INF.Autorun (v), Trojan.Win32.Generic.pak!cobra and BehavesLike.Win32.Malware (v) also recorded significant month-on-month rises in percentage of detections.

“Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back,” said Sunbelt Software research center manager Tom Kelchner.

“As we expected, malware related to the distribution and downloading of media files is also on the increase, as highlighted by the appearance of Trojan.ASF.Wimad (v) in the top 10 for June, coinciding with the start of the FIFA World Cup. With many of the World Cup matches taking place during work hours when users have no access to a TV, the temptation to seek out online streaming services, be they from trusted or untrusted sources, has been too strong for some users. To avoid unnecessary malware risks, it is essential to keep clear of unknown and unproven sites offering audio and video streaming,” Kelchner added.

The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, Sunbelt Software’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by SunbeltLabs. The majority of these threats propagate through stealth installations or social engineering.

The top 10 most prevalent malware threats for the month of June are:

1.		Trojan.Win32.Generic!BT		27.16%
2.		Trojan-Spy.Win32.Zbot.gen		4.68%
3.		INF.Autorun (v)		4.05%
4.		Trojan.Win32.Generic.pak!cobra		2.58%
5.		BehavesLike.Win32.Malware (v)		1.48%
6.		Packed.Win32.Tdss.q (v)		1.34%
7.		Trojan.ASF.Wimad (v)		1.13%
8.		Trojan.Win32.Malware		1.06%
9.		Trojan.Win32.Agent		1.04%
10.		Worm.Win32.Downad.Gen (v)		1.02%

To see a graphical comparison of the top 10 most prevalent malware infections between May and June, please visithttp://www.sunbeltsoftware.com/malware-threat-report/.

About SunbeltLabs

SunbeltLabs specialises in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis. For detailed threat research information and to view the top 10 threats in real time please visit SunbeltLabs at http://www.sunbeltsecurity.com.

About Sunbelt Software

Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE^® and CounterSpy^® product lines, Sunbelt Exchange Archiver™, CWSandbox™, and ThreatTrack™.

For more information about Sunbelt Software, please visit the company’s website at: http://www.sunbeltsoftware.com. To learn more about current activities, products, and ideas at Sunbelt Software, please visit Sunbelt’s corporate blog at http://www.sunbeltblog.com. To view this release online, go to

http://www.sunbeltsoftware.com/Press/Releases/?id=361.

Copyright © 2010 Sunbelt Software. All rights reserved. All trademarks used are owned by their respective companies.

Contacts

Davies Murphy Group

Brian Alberti

sunbelt@daviesmurphy.com

www.daviesmurphy.com

or

Sunbelt Software

Laurie Murrell, 727-562-0101

lauriem@sunbeltsoftware.com

www.sunbeltsoftware.com

Permalink: http://eon.businesswire.com/news/eon/20100706005754/en/SunbeltLabs/malware/security

Related articles by Zemanta

• Sunbelt Software Announces Top 10 Malware Threats for May (eon.businesswire.com)


• Password stealers and Conficker top June malware (news.cnet.com)


• Sunbelt Software Wins 2010 GovSec Award (eon.businesswire.com)


• Sunbelt Software Announces Top 10 Malware Threats for June (eon.businesswire.com)