Kido remains active

By Staff Writer, ITWeb
Johannesburg, 06 Oct 2009

Kaspersky Lab's monthly malware statistics for September reveal that Conficker, also known as Kido, remains active among the top threats.

Kido.ih, the leader of this Top 20 for the last six months, has been joined by another variant, Kido.ir, a newcomer to the rankings.

The first Top 20 lists malicious programs, adware and potentially unwanted programs that were detected and neutralised when accessed for the first time.

“New entries in this month's rating include a new variant of the Wimad multimedia downloader - Trojan-Downloader.WMA.Wimad.y - which has previously made an appearance in the ratings. This variant doesn't differ fundamentally from previous variants: when it's launched, it tries to download and execute a malicious file, in this case not-a-virus:AdWare.Win32.PlayMP3z.a,” says the company.

In addition, says Kaspersky, the Palevo worm is spreading relatively quickly, with two new variants - Palevo.jdb and Palevo.jcn - making it into the ratings. Palevo.jaj, a new entry last month, moved up six places in September, the biggest jump in the month's ratings.

“The increase in the number of these two pieces of malware is mainly due to the fact that they can spread via removable devices, indicating that this propagation method remains extremely effective,” Kaspersky Lab explains.

According to Kaspersky, the most striking feature of the first Top 20 is the amount of self-propagating malware, which continues to make its presence felt.

Adobe targeted

Kaspersky says there has again been a lot of movement in the second Top 20 since last month. This index presents data generated by the Web anti-virus component, and reflects the online threat landscape, including malicious programs detected on Web pages and malware downloaded to victim machines from Web pages.

This ranking includes two variants of Exploit.JS.Pdfka, the name given to JavaScript files which are detected in PDF documents and used to exploit a range of vulnerabilities in Adobe products. In this case, the malware exploits vulnerabilities in Adobe Reader.

According to the security giant, cyber criminals have been making a determined effort to exploit all vulnerabilities in Adobe products - a number of which have been detected in recent years - regardless of product version. “This increases the possibility of malware being downloaded to unpatched computers. Because of this threat, commonly used software from major vendors (in this case, Adobe) should be updated as soon as security patches are released.”

Exploit.JS.DirektShow and Exploit.JS.Sheat are two malware families which figured in previous ratings. They remain active, with DirektShow.a making a comeback and Sheat.f making its first appearance.

Overall, the trends of the last few months were maintained in September. Web malware bundles designed to exploit the myriad vulnerabilities found in major products are still increasing in number, giving cyber criminals plenty of opportunities for malicious activity.

“Simple iframe-clickers placed on legitimate but infected sites help spread these bundles,” says Kaspersky. “Cyber criminals are able to access these legitimate sites and place malware on them because they have previously used other malware designed to steal confidential data such as passwords.

“These steps all make up a cyclical process of compromise and infection which can be endlessly repeated,” concludes the company.
