Exploits – the cybercriminals' top tool during May 2010

07 Jun 2010
Virus News

Kaspersky Lab has released its monthly malware statistics detailing which malicious programs were detected and blocked by the company’s security software solutions during May 2010.

Exploits – dedicated programs designed to attack computers via vulnerabilities in legitimate software – and their Trojan counterparts dominated not only the Top Twenty rating for malware detected on computers protected by Kaspersky Lab solutions, but also the Internet-borne malware rating.

In recent months both these rankings have shown a marked increase in the use of exploits by cybercriminals. Their goal remains the same – the theft of confidential user data – but the propagation techniques and methods that prevent the analysis and detection of malware have varied.

One entry of note in the end-user Top Twenty malware list is a Trojan that steals account logins and passwords for popular online games. Players of CabalOnline, Metin2, Mu Online and various games developed by Nexon.net have all been affected by Trojan-GameThief.Win32.Magania.dbtv.

Eleven of May’s Internet malware Top Twenty are exploits of one sort or another and their accompanying Trojan sidekicks. These malicious programs occupy five consecutive Top Twenty places starting from second place and then appear on the list in groups of two or three. Three of the newcomers are exploits for Java and users of this platform are strongly advised to check for software updates on a regular basis.

First place on the Internet malware Top Twenty goes to Trojan-Clicker.JS.Iframe.bb. This particular piece of malware is designed to increase website hit counts by making the victim computers visit them without the users’ knowledge or consent. In May alone this Trojan infected almost 400,000 websites.

Malicious programs detected on computers protected by Kaspersky Lab

The first Top Twenty list immediately below shows malware, adware and potentially unwanted programs that were detected and neutralised by Kaspersky Lab’s on-access scanner when they were accessed for the first time.

Position Change in position Name Number of infected computers
1   0 Net-Worm.Win32.Kido.ir   339585  
2   0 Virus.Win32.Sality.aa   210257  
3   0 Net-Worm.Win32.Kido.ih   201746  
4   0 Net-Worm.Win32.Kido.iq   169017  
5   9 Trojan.JS.Agent.bhr   161414  
6   -1 Worm.Win32.FlyStudio.cu   127835  
7   -1 Virus.Win32.Virut.ce   70189  
8   0 Trojan-Downloader.Win32.VB.eql   66486  
9   0 Worm.Win32.Mabezat.b   54866  
10   0 Trojan-Dropper.Win32.Flystud.yo   50490  
11   0 Worm.Win32.AutoIt.tc   47044  
12   1 Packed.Win32.Krap.l   44056  
13   New Trojan.JS.Iframe.lq   38658  
14   New Trojan.Win32.Agent2.cqzi   35423  
15   1 Trojan.Win32.Autoit.ci   34670  
16   New Trojan-GameThief.Win32.Magania.dbtv   31066  
17   New Trojan-Downloader.Win32.Geral.cnh   30225  
18   New Trojan.JS.Zapchast.dv   29592  
19   -2 Virus.Win32.Induc.a   28522  
20   -8 Exploit.JS.CVE-2010-0806.e   27606  

Malicious programs on the Internet

The second Top Twenty list below shows data generated by the web antivirus component and reflects the online threat landscape. This table includes malware detected on web pages and malware downloaded to victim machines from web pages.

Position Change in position Name Number of attempted downloads
1   New Trojan-Clicker.JS.Iframe.bb   397667  
2   New Exploit.Java.CVE-2010-0886.a   244126  
3   New Trojan.JS.Redirector.cq   194285  
4   New Exploit.Java.Agent.f   108869  
5   New Trojan.JS.Agent.bhr   107202  
6   New Exploit.Java.CVE-2009-3867.d   85120  
7   -2 not-a-virus:AdWare.Win32.FunWeb.q   82309  
8   -6 Exploit.JS.CVE-2010-0806.i   79192  
9   -5 Exploit.JS.CVE-2010-0806.b   76093  
10   New Trojan.JS.Zapchast.dv   73442  
11   -2 Trojan-Clicker.JS.Agent.ma   68033  
12   New Trojan.JS.Iframe.lq   59109  
13   New Trojan-Downloader.JS.Agent.fig   56820  
14   5 not-a-virus:AdWare.Win32.Shopper.l   50497  
15   2 Exploit.JS.CVE-2010-0806.e   50442  
16   -4 Trojan.JS.Redirector.l   50043  
17   New Trojan.JS.Redirector.cj   47179  
18   -2 not-a-virus:AdWare.Win32.Boran.z   43514  
19   -6 Trojan-Dropper.Win32.VB.amlh   43366  
20   New Exploit.JS.Pdfka.chw   42362  

The full version of Kaspersky Lab’s Monthly Malware Statistics for May can be found at www.securelist.com/en.