Exploitation of vulnerability in Internet Explorer was the most significant cybercrime threat during March 2010

12 Apr 2010

Kaspersky Lab today reports that exploits of a vulnerability found in Microsoft’s web browser, Internet Explorer, were amongst the most widespread malware programs detected during March 2010. Meanwhile, the script Trojan-Downloader program, Gumblar, has continued the resurgence reported last month to remain the most prolific malware program on the global threat landscape.

The IT threat landscape evolved significantly in March 2010 with new programs accounting for more than half of Kaspersky Lab’s Top Twenty ranking of malicious programs detected on the Internet, with Trojan variants continuing to dominate.

One of the most significant events during March 2010 was the publication of a rather detailed description of a vulnerability in versions 6 and 7 of Microsoft’s popular web browser, Internet Explorer. This in turn led to the exploit being used extremely widely by cybercriminals. Two variants of the exploit - Exploit.JS.CVE-2010-0806.i and Exploit.JS.CVE-2010-0806.b - in second and tenth place respectively, accounted for 199,484 attempted downloads during March 2010.

Although software vendors typically patch such vulnerabilities quickly, Kaspersky Lab warns that too many computer users are not installing these patches in time.

The epidemic being caused by the Trojan-Downloader program, Gumblar, remained in full swing throughout March. The variant - Trojan-Downloader.JS.Gumblar.x - remained at the top of the chart, whilst a new updated variant was reported, detected as HEUR:Trojan-Downloader.Script.Generic.

Kaspersky Lab has also identified that cybercriminals are increasingly taking advantage of user gullibility and naivety. The most common malware of this kind used by the cybercriminals in March included rogue antivirus solutions and ransomware.

Top twenty ranking for March 2010 - Malicious programs, adware and potentially unwanted programs that were detected and neutralised when accessed for the first time, i.e. by the on-access scanner.


| Position | Change in position | Name | Number of infected computers |
|---|---|---|---|
| 1 | 0 | Net-Worm.Win32.Kido.ir | 332833 |
| 2 | 0 | Virus.Win32.Sality.aa | 211229 |
| 3 | 0 | Net-Worm.Win32.Kido.ih | 186685 |
| 4 | 0 | Net-Worm.Win32.Kido.iq | 181825 |
| 5 | 0 | Worm.Win32.FlyStudio.cu | 121027 |
| 6 | 0 | Trojan-Downloader.Win32.VB.eql | 68580 |
| 7 | New | Trojan.Win32.AutoRun.abj | 66331 |
| 8 | 1 | Virus.Win32.Virut.ce | 61003 |
| 9 | 1 | Packed.Win32.Krap.l | 55823 |
| 10 | -2 | Worm.Win32.AutoIt.tc | 55065 |
| 11 | 4 | Worm.Win32.Mabezat.b | 49521 |
| 12 | -5 | Exploit.JS.Aurora.a | 43776 |
| 13 | New | Packed.Win32.Krap.as | 40912 |
| 14 | New | Trojan.Win32.AutoRun.aay | 40754 |
| 15 | 3 | Trojan-Dropper.Win32.Flystud.yo | 40190 |
| 16 | -4 | Virus.Win32.Induc.a | 38683 |
| 17 | -4 | not-a-virus:AdWare.Win32.RK.aw | 38547 |
| 18 | New | Trojan.Win32.AutoRun.abd | 37037 |
| 19 | -5 | not-a-virus:AdWare.Win32.Boran.z | 36996 |
| 20 | 0 | not-a-virus:AdWare.Win32.FunWeb.q | 34177 |


Top twenty ranking for March 2010 - Malicious programs on the Internet, reflecting the online threat landscape. This ranking includes malicious programs detected on web pages and malware downloaded to victim machines from web pages.


| Position | Change in position | Name | Number of attempted downloads |
|---|---|---|---|
| 1 | 0 | Trojan-Downloader.JS.Gumblar.x | 178965 |
| 2 | New | Exploit.JS.CVE-2010-0806.i | 148721 |
| 3 | -1 | Trojan.JS.Redirector.l | 126277 |
| 4 | 2 | Trojan-Clicker.JS.Iframe.ea | 102226 |
| 5 | 4 | Exploit.JS.Aurora.a | 88196 |
| 6 | 4 | Trojan.JS.Agent.aui | 80654 |
| 7 | -3 | not-a-virus:AdWare.Win32.Boran.z | 75911 |
| 8 | New | Trojan.HTML.Fraud.aj | 68809 |
| 9 | New | Packed.Win32.Krap.as | 64329 |
| 10 | New | Exploit.JS.CVE-2010-0806.b | 50763 |
| 11 | New | Trojan.JS.FakeUpdate.ab | 49412 |
| 12 | New | Trojan.HTML.Fraud.aq | 48927 |
| 13 | 3 | Packed.Win32.Krap.ai | 47601 |
| 14 | Return | Trojan-Downloader.JS.Twetti.a | 46858 |
| 15 | New | Exploit.JS.Pdfka.bub | 45762 |
| 16 | New | Trojan-Downloader.JS.Iframe.byo | 44848 |
| 17 | New | Trojan.JS.FakeUpdate.aa | 42352 |
| 18 | Return | not-a-virus:AdWare.Win32.Shopper.l | 41888 |
| 19 | New | Trojan-Clicker.HTML.IFrame.fh | 38266 |
| 20 | New | Packed.Win32.Krap.ao | 36123 |

To find out more about cyber threats visit: http://www.kaspersky.co.uk.