Kaspersky names April Top 20

Johannesburg, 05 May 2009

Two newcomers have made an impression on the Kasperky Lab Top 20 lists for April: Virus.Win32.Virut.ce and Exploit.HTML.CodeBaseExec.

Ryan Naraine, security evangelist, Americas at Kaspersky Lab, says: “Virut.ce entered near the top of our second ranking in February and now looks set to dominate the first ranking as well. New versions of the virus are appearing every day, which suggests that cyber-criminals are monitoring how and when the malware is detected by anti-virus programs and trying to increase the size of the botnet made up of infected machines.”

According to him, the epidemic caused by this virus is gaining momentum and May could well see Virut.ce moving several places up the rankings.

He describes the second newcomer as a little piece of malware history, as the first version of this malware was found by Kaspersky Lab in 2004. Although it featured regularly in Kaspersky's malware rankings in 2006, it is being flagged as a newcomer as the format and methods used to compile the Top 20 rankings have changed.

Naraine says the program exploits a simple vulnerability in versions 5.01, 5.5 and 6.0 of Internet Explorer, and seems to bank on the fact that a significant number of people will not have installed the relevant security updates or are still using older versions of Internet Explorer.

“Trojan.Win32.Chifrax.a dropped out of the ranking last October but has returned at number four for April,” he says. “This Trojan, like RaMag.a, is a modified WinRAR archive, which in this instance is a self-extracting archive.”

Also in April's rankings are two script downloaders - Trojan.JS.Agent.xy and Exploit.JS.Agent.agc - and Naraine cites these as prime examples of the type of programs used in drive-by downloads.

He says a total of 45 190 unique malicious, advertising, and potentially unwanted programs were detected on various users' computers in April, a figure equal to the previous month.

The first Top 20 is based on data collected by Kaspersky Lab's version 2009 anti-virus product, and is made up of malicious programs, adware and potentially unwanted programs most frequently detected on users' computers.

The second Top 20 presents data on which malicious programs most commonly infected objects detected on users' computers. Malicious programs capable of infecting files make up the majority of this ranking.