There was no change to the top five malicious programs in the Kaspersky Top 20 list for February, although judging by the number of infections, the Kido epidemic has eased off slightly.
This is according to Kaspersky Lab, which says a program designed to take advantage of vulnerabilities in a variety of software products, Exploit.JS.Aurora.a, was widely used last month and consequently entered the ratings in seventh place.
“Other newcomers to the first top 20, which lists malicious programs, adware and potentially unwanted programs that were detected and neutralised when accessed for the first time, included two adware programs,” says Kaspersky.
Firstly, it describes FunWeb.q, in 20th place, as a perfect example of an adware program. “It's a toolbar for popular browsers and provides users with easy access to resources on some Web sites, usually those with multimedia content. It also modifies the pages visited so that these pages display adverts.”
AdWare.Win32.RK.aw, coming in at number 13, is rather more complex, the company says. “This RelevantKnowledge application spreads and is installed along with other software products.”
RelevantKnowledge's privacy policy and ULA say the program tracks virtually all user activity, particularly Internet activity, automatically collecting personal information and saving it to the company's servers. It also claims all the data collected is used exclusively to 'help shape the future of the Internet' and is well secured.
Speaking of the second top 20, which presents data generated by the Web anti-virus component, and reflects the online threat landscape, the security company says this ranking includes malicious programs detected on Web pages and malware downloaded to victim machines from Web pages.
“The state of affairs regarding malware on the Internet in February was quite remarkable, which is reflected in our second rating,” says Kaspersky. “Firstly, there was a dramatic surge in Gumblar.x, which has once again regained top spot after virtually disappearing completely in January.
“Last month, we suggested there might be another Gumblar attack and it didn't take long to materialise. However, the cyber criminals' approach remains the same, and they have only gathered new data that can be used to access Web sites prior to infecting them en masse.”
Secondly, the Pegel epidemic that began in January grew nearly six-fold, says Kaspersky. “There are four representatives of this family among the new entries, one of which made it straight to third place. This is a downloader program in some ways similar to Gumblar, insofar as it infects perfectly legitimate Web sites. A user that visits an infected site is redirected by the malicious script to a cyber criminal resource. To ensure users don't suspect anything, the names of popular Web sites are used in the addresses of malicious pages.”
At number nine in the second rating, Aurora.a targets the CVE-2010-0249 vulnerability. It was discovered following the massive targeted attack on several versions of IE in January that was extensively covered in the media.
According to Kaspersky, the attack targeted major organisations and was designed for the purpose of gaining access to personal data and corporate intellectual property such as project source code. The attack was carried out using e-mails with links to malicious sites; these sites contained exploits which resulted in the main executable file being stealthily downloaded to victim machines.
The security giant says that, surprisingly, Microsoft's programmers had been aware of this loophole for a number of months, but it was only patched a month after it began being exploited.
“It's worth pointing out that during that time, the source code of the exploit became publicly available, and only the laziest cyber criminals failed to use it in their attacks: our collection already has more than a hundred malware variants that exploit this vulnerability.”

