Widely available malicious code threatening users: Kaspersky Lab's Malware Statistics for April 2010

30 Apr 2010
Virus News

Kaspersky Lab, a leading developer of secure content management solutions, has released its Monthly Malware Statistics for April.

The month of April saw a particularly sharp rise in one of the main types of web attack – malicious exploits whose source code is widely available. Virus writers have been actively building upon the work of fellow black hats and vulnerability researchers to quickly and easily modify existing malicious programs for their own ends.

In the vast majority of cases, the target of such attacks is confidential data, with cybercriminals trying to gain access to email and online gaming service accounts as well as accounts on various other websites. These types of attempts ran into the hundreds of thousands in April.

Throughout the month Kaspersky Lab’s experts recorded the rapid rise of CVE-2010-0806, an exploit that uses a vulnerability in Internet Explorer. This resulted in it appearing in the top spot in our second Top 20 rating for web-borne malware. The exploit usually imports small downloader programs to victims’ computers which then download other malicious programs to the infected machines. The total number of attempted downloads of the three exploit variants exceeded 350,000.

Among the newcomers in April were three exploits in second, tenth and thirteenth places that target vulnerabilities in Adobe Reader and Acrobat. The vulnerabilities that these three PDF exploits use are relatively old and were detected back in 2009. The Trojans that are downloaded by these exploits are themselves downloaders and they in turn run lots of other malicious programs.

Kido and Sality continue to occupy first and second place in the Top Twenty most frequently occurring malicious programs detected on users’ computers. Gumblar.x, the leader of the Top Twenty malicious programs on the Internet for the last two months running, was nowhere to be seen in April after its activity fell off sharply. This Gumblar epidemic exploded onto the scene, peaking in February when over 450,000 websites were infected, and disappeared just as quickly two months later. It remains to be seen when the next epidemic will strike, or if there will even be one, but we’ll be keeping an eye on developments.

China leads the field for drive-by infections, with Russia in second place and the USA in third.

You can find more detailed information about the Monthly Malware Statistics for April at www.securelist.com/en.