While Trojans, spyware, exploits, worms (IM, Linux, Mobile, Win32) and
scripts continue to pose a threat to Internet users, the number of
in-the-wild email worms (or mass mailers) appears to have been
diminishing by five percent each month since the beginning of this year.
June 2007's top 10 threats, as determined by the degree of prevalence are:
Rank | Threat Name | Threat Type | % of Detections | | 1 | W32/Dialer.PZ!tr | Trojan | 13.43 | | 2 | W32/Bagle.DY@mm | Mass mailer | 10.05 | | 3 | W32/Netsky.P@mm | Mass mailer | 7.11 | | 4 | HTML/Iframe_CID!exploit | Exploit | 5.90 | | 5 | W32/ANI07.A!exploit | Exploit | 3.52 | | 6 | W32/Grew.A!worm | Worm | 3.50 | | 7 | W32/Bagle.GT@mm | Mass mailer | 2.43 | | 8 | W32/Sober.AA@mm | Mass mailer | 1.98 | | 9 | W32/Stration.JQ@mm | Mass mailer | 1.89 | | 10 | W32/Sality.Q | Virus | 1.75 |
The June top 10 highlights the following: - The Top 10 remains fairly consistent, with Grew.A, Bagle.GT,
Sober.AA, Stration.JQ and ANI07.A keeping similar relative positions. - New to the top ten is Sality.Q coming in at the bottom to
fill the void left by the departure of the BankFraud.E phishing attack
from the Top 10. - ANI07.A, a mainly web-based exploit, is more notable
this month since the vulnerability has been patched yet continues to
maintain last month's pace.
The most notable threat in the June top 10 is Dialer.PZ, as the
bot-embedded dialer once again takes the reigns, besting W32/Bagle.DY@mm and Netsky.P@mm. Last month the Fortinet Global Security Research Team reported on the life cycle of W32/Dialer.PZ!tr, which spanned from dynamic design, assembly line manufacturing and intelligent statistic reporting to geographic deployment strategy and payload. W32/Dialer.PZ!tr kicked off June exactly where it left off last month, streaming primarily across Mexico and the USA at a torrential pace thanks to the continued aggressive distribution campaign. The threat has been spotted in many other regions across the globe as well.
"These seasoned malware creators seem to have been inspired by the prospects of an infectious summer, and as a result have been busy packing," said Derek Manky, Fortinet security research engineer. "Rest assured, however, these attackers are not packing their bags to leave for a summer vacation -- they have merely wrapped up their malicious creation in a package which they hope will not be inspected by the cyber sentries while trying to cross over virtual borders."
Manky also reports that the malware creators had changed a component in their creation process by packing W32/Dialer.PZ!tr with a new variation of the popular run-time packer UPX. The first recorded sample stamped by the malware creators using this new packer was created on June 21, 2007.
To read the full June report, please visit
http://www.fortiguardcenter.com/reports/roundup_jun_2007.html. |
