June turned out to be a watershed in terms of both the online scanner statistics and the email traffic rankings. Overall there are 14 new malicious programs in the Top 20, including several new types of Trojans. Banker.anv continues to lead the rankings. However, the malicious programs which took second and third place in May have dropped significantly. And even if the mail traffic rankings are often relatively stagnant during the summer months, this is more than compensated by the data from our online scanner.
The leader remains the same – a Trojan program that steals online bank account details. Banker.anv’s twin, Banker.ark, has been competing with .anv for first place for several months. However, in June, Banker.ark disappeared completely from the rankings, having been beaten back by antivirus solutions and their users. Banker.ark yielded its place to Agent.vg – a nondescript Trojan, and Agent.qt, which held 3rd place in May dropped to 10th this month.
However, none of this is as intriguing as the onslaught of Trojans that attack online gamers. Until now, these dangerous Trojans have not figured significantly in our rankings, but this month three variants gained 4th, 8th and 14th place. This flood of malware attacking gamers is directly tied to summer vacations, during which hundreds of thousands of school children and university students are gaming full-time. Lineage and Gamania - two of the most popular online games in Asia - have been targeted by virus writers for a while now. Characters and props can cost several thousand US dollars in both games, making stealing passwords in this sector as lucrative as stealing online banking information. As a result, Trojans designed to steal passwords to online games are now as common as Trojan-Downloaders and banking Trojans.
As a matter of fact, Trojan-Downloaders were not as active in June as in prior months. There are only three such programs in the rankings - the first one installs adware, the second one downloads other Trojans via a vulnerability in Microsoft Internet Explorer and the third one is directly tied to the multi-component Bagle family. Moreover, there isn’t a single piece of adware in the rankings this month.
The Bagle author woke up this month and launched several mass mailings of the latest variant – Bagle.fy. This particular variant stood out because it was spread in password protected archives, with the password to the archive sent as an image file. Cybercriminals first used this trick 2 years ago, but people still fall for it, get the password and open the protected archive. The result: the worm is launched. This single fact reminds us that there are still lots of uneducated users out there who have very little idea about basic computer security. Consequently, malware writers are continuing to take advantage of this situation: there are several Bagle family members in our rankings this month – Bagle.fy, Trojan-Downloader.Win32.Bagle.at and Email-Worm.Win32.Bagle.gen.
This month’s rankings also include the traditional keyloggers. The difference between keyloggers and banking or gaming Trojans is that keyloggers record all keystrokes, whereas the other Trojans record only relevant information. In any case, we do have a larger number of keyloggers this month.
|New||Trojan.Win32.Agent.vg, Trojan-PSW.Win32.Lineage.acb, not-a-virus:Monitor.Win32.Perflogger.az, Email-Worm.Win32.Brontok.q, Trojan-Downloader.JS.Agent.ah, Trojan-PSW.Win32.Gamania.cl, Trojan-Downloader.Win32.Adload.bo, Trojan-Spy.Win32.Banbra.gi, Trojan-PSW.Win32.Lineage.oz, not-a-virus:Monitor.Win32.Perflogger.ad, Email-Worm.Win32.Bagle.fy, Trojan-Downloader.Win32.Bagle.at, Email-Worm.Win32.Bagle.gen|
|Moved down||Trojan.Win32.VB.ami, Trojan.Win32.Agent.qt, Packed.Win32.Tibs|
|No Change||Trojan-Spy.Win32.Banker.anv, not-a-virus:PSWTool.Win32.RAS.a|