Online Scanner Top Twenty for April 2008

30 Apr 2008
Virus News

PositionChange in positionNamePercentage
1. Up +4 Email-Worm.Win32.Brontok.q 1.71
2. Down -1 not-a-virus:AdWare.Win32.Virtumonde.gen 1.58
3. Up +1 not-a-virus:PSWTool.Win32.RAS.a 1.45
4. Up +2 Virus.Win32.Virut.n 1.00
5. Return Return Virus.Win32.Virut.q 0.86
6. Up +7 not-a-virus:Monitor.Win32.Ardamax.ae 0.75
7. Down -4 Trojan.Win32.Dialer.yz 0.69
8. New! New! Virus.Win32.Alman.b 0.64
9. New! New! not-a-virus:AdWare.Win32.Agent.zk 0.60
10. New! New! Backdoor.Win32.Hupigon.vnd 0.59
11. New! New! Trojan-PSW.Win32.OnLineGames.isb 0.59
12. Down -1 Email-Worm.Win32.Rays 0.58
13. Down -3 Trojan.Win32.Delf.aam 0.53
14. Down 0 Virus.Win32.Parite.b 0.49
15. New! New! Worm.Win32.Mabezat.b 0.49
16. Down -14 Email-Worm.Win32.Bagle.of 0.48
17. Return Return not-a-virus:Monitor.Win32.Perflogger.ad 0.45
18. Return Return not-a-virus:Monitor.Win32.Perflogger.ca 0.44
19. Up +1 Trojan-Spy.Win32.Ardamax.n 0.41
20. New! New! not-a-virus:RiskTool.Win32.HideWindows 0.40
Other Malicious Programs 85.27


At last, there's been a change in the three malicious programs leading our Online Top Twenty. After two months in first place, the adware program Virtumonde has slipped to second, while the other two programs which kept it company at the top in February and March fell further down the rankings.

April's surprise was the veteran worm Brontok.q - after a third place finish at the end of 2007 and after hovering around sixth place for most of 2008, the worm shot to the top of the rankings. It took advantage of the previous leader experiencing a significant drop from 4.32% in March to 1.58% in April. This suggests that Virtumonde's authors have eased off the rate at which they are circulating their malicious creation.

The classic file virus, Virut.n, increased its share for the second month in a row: it now ranks just below the top three. The rise of two places in April follows a jump of ten places in March. The authors of Virut.n authors are obviously continuing to develop this malicious program and it's not difficult to see why. Virus.Win32.Virut.n is not simply a file infector created by a virus writer for amusement - it's primarily a bot for creating zombie networks. The latter are, of course, becoming increasingly popular and profitable in the world of cybercrime. Incidentally, the only other version of the Virut virus in the Top Twenty - Virut.q - is keeping its namesake company just below in fifth place. It will be interesting to see if one of those two can claim top spot in the coming months.

Among the newcomers to the rankings two programs stand out: the Chinese backdoor program Hupigon.vnd and the Trojan-PSW.Win32.OnLineGames.isb, which is designed for stealing accounts to a range of popular online games such as World Of Warcraft, and Lineage.

April's Top Twenty shows the continued dominance of malicious programs which are primarily designed to steal a wide range of user passwords.

Summary

  • New: Virus.Win32.Alman.b, not-a-virus:AdWare.Win32.Agent.zk, Backdoor.Win32.Hupigon.vnd, Trojan-PSW.Win32.OnLineGames.isb, Worm.Win32.Mabezat.b, not-a-virus:RiskTool.Win32.HideWindows.
  • Went up: Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a, Virus.Win32.Virut.n, not-a-virus:Monitor.Win32.Ardamax.ae, Trojan-Spy.Win32.Ardamax.n.
  • Went down: not-a-virus:AdWare.Win32.Virtumonde.gen, Trojan.Win32.Dialer.yz, Email-Worm.Win32.Rays, Trojan.Win32.Delf.aam, Email-Worm.Win32.Bagle.of
  • Re-entry: Virus.Win32.Virut.q, not-a-virus:Monitor.Win32.Perflogger.ad, not-a-virus:Monitor.Win32.Perflogger.ca
  • No change: Virus.Win32.Parite.b