Online Scanner Top Twenty for December 2007

02 Jan 2008
Virus News

Position Change in position Name Percentage
1 New! New Trojan.Win32.Dialer.yz 1.37
2 No Change 0 Virus.Win32.Virut.av 1.33
3 No Change 0 Email-Worm.Win32.Brontok.q 1.10
4 Up +1 not-a-virus:PSWTool.Win32.RAS.a 1.01
5 New! New Trojan.Win32.BHO.abo 0.78
6 Up +5 Virus.Win32.Virut.q 0.73
7 New! New Trojan.Win32.Inject.mt 0.68
8 Down -8 Trojan.Win32.Dialer.qn 0.66
9 Return Return not-a-virus:Monitor.Win32.Perflogger.ca 0.64
10 Down -4 Email-Worm.Win32.Rays 0.63
11 Down -1 not-a-virus:AdWare.Win32.BHO.cc 0.58
12 New! New Trojan.Win32.VB.atg 0.56
13 Up +4 not-a-virus:AdWare.Win32.BHO.ic 0.53
14 Up +4 Trojan-Spy.Win32.Ardamax.n 0.52
15 New! New Virus.Win32.Virut.p 0.50
16 Return Return not-a-virus:Monitor.Win32.Perflogger.ad 0.49
17 New! New not-a-virus:AdWare.Win32.Virtumonde.bxd 0.48
18 Down -6 Packed.Win32.NSAnti.r 0.45
19 Down -11 Trojan.Win32.Agent.cro 0.44
20 New! New not-a-virus:Monitor.Win32.Perflogger.cb 0.44
Other malicious programs 86.08

A look at the December statistics makes it possible for us to draw some preliminary conclusions about the malware landscape in 2007. The situation is still not entirely clear. However, we can say with certainty that first place in our online scanner ratings this year was occupied, more often than not, by Trojan dialer programs. December was no exception.

Trojan.Win32.Dialer.yz took first place in the December rankings, replacing November's Dialer.qn. Since it was detected on 11th December 2007, this modification has spread widely and actively. Our virus lab has already detected more than 600 variants of this program.

The epidemic of Virut viruses continues. Virut.av retained second place, Virut.q went up five places, and Virut.p joined the throng, making it into fifteenth place. In terms of numbers, programs from the Virut family overtake all other malicious programs in the December Online Top Twenty.

Adware in the form of Browser Helper Objects (BHO) is continuing to evolve. BHO.cc has claimed a place in the rankings for several months in a row now. The program was detected at the beginning of July and spreads together with BitAccelerator. In October this program managed to reach fourth place, dropping down to eleventh place in December. BHO.ic comes hot on its heels in thirteenth place. Incidentally, using Browser Helper Objects isn't purely the prerogative of adware. Fifth place is occupied by Trojan.Win32.BHO.abo, which looks as though it will be in our rankings for some time to come.

Perflogger, a keylogging program, is in a similar position to Adware.BHO. Two variants of this program re-entered the rankings (in ninth and sixteenth place) with a new variant, Perflogger.cb, joining them by taking twentieth place.

Add the Trojan-Spy program Ardamax.n into the mix, and that gives us four programs (out of the twenty in the rankings) which log keystrokes. Even though this method of stealing data is as old as the hills, it's still a very popular approach among malicious users.

The gaming Trojan, OnlineGames.isb has disappeared from the rankings. However, we predict that the number of malicious programs designed to steal online gaming accounts will increase in our statistics. This class of malicious programs is evolving steadily and will be one of the main threats in 2008.

Summary:

  1. New: Trojan.Win32.Dialer.yz, Trojan.Win32.BHO.abo, Trojan.Win32.Inject.mt, Trojan.Win32.VB.atg, Virus.Win32.Virut.p, not-a-virus:AdWare.Win32.Virtumonde.bxd, not-a-virus:Monitor.Win32.Perflogger.cb
  2. Went up: not-a-virus:PSWTool.Win32.RAS.a, Virus.Win32.Virut.q, not-a-virus:AdWare.Win32.BHO.ic, Trojan-Spy.Win32.Ardamax.n
  3. Went down: Trojan.Win32.Dialer.qn, Email-Worm.Win32.Rays, not-a-virus:AdWare.Win32.BHO.cc, Packed.Win32.NSAnti.r, Trojan.Win32.Agent.cro
  4. No change: Virus.Win32.Virut.av, Email-Worm.Win32.Brontok.q
  5. Re-entry: not-a-virus:Monitor.Win32.Perflogger.ca, not-a-virus:Monitor.Win32.Perflogger.ad