BitDefender Issues Top Ten Malware Threats for October 2007

SYDNEY (31 October, 2007) - BitDefender, a global provider of award-winning antivirus software and data security solutions, has announced October▓s top ten security threats. According to BitDefender Labs, these threats represented over 65 per cent of all malware detected in October, and the company advises computer users to take extra care in avoiding them. The top ten threats are:

Rank Name %
1 BehavesLike:Trojan.Downloader 20.36
2 Exploit.Win32.WMF-PFV 17.51
3 Packer.Malware.NSAnti.J 10.49
4 Win32.Netsky.P@mm 6.56
5 Win32.NetSky.D@mm 2.06
6 Win32.Netsky.AA@mm 2.00
7 Win32.Nyxem.E@mm 1.90
8 Trojan.VBS.Autorun.J 1.79
9 Win32.Sality.M 1.46
10 Trojan.Agent.AFIS 1.43
OTHERS 34.43

The "flattening" phenomenon seen in recent months seems to continue, as the first three spots in the monthly top ten threats are occupied not by single pieces of malware, but by generic signatures - detection rules which stand in for all the malware using a particular infection or obfuscation technique.

Indeed, the first position is occupied by trojan downloaders, a category which, through such exponents as the Peed trojan (aka Storm worm) has made headlines recently.

An old exploit takes second position, presumably due to the fact that it is just old enough to have found its way into the code of many different worms as one more trick to try when attempting an infection but still not old enough that there doesn't exist a sizeable population of unpatched machines anymore.

On the third position stand files detected as Packer.Malware.NSAnti.J, which are actually programs that had been packed/protected with a protection system called NSAnti, used by malware authors to bypass anti-virus protection and to hide malware contents. The packer itself is polymorphic and has the ability to detect if it's running in a virtualized environment and to try crashing it upon detection, in an attempt to make automated detection of new versions harder.

The following few places are occupied by old and very old mass mailer viruses, proving once again that, with the wonders of backups and highly reliable computers, viruses never truly die.
Unfortunately, the Sality.M virus is yet again present in the top ten, hovering in one of the bottom places as it has done for most of the year.

"All in all, it's been a rather eventful month" declared Viorel Canja for BitDefender. "We're seeing lots and lots of new viruses and a general tendency toward even stealthier malware that gets updated at a fantastic clip. Once again, B-HAVE and other automated detection techniques have proved crucial in keeping our customers safe".