Byrner
07-09-2008, 09:53 PM
1. Win32/PSW.OnLineGames
Previous Ranking: 2
Percentage Detected: 17.97%
During the month of May 2008, close to 17.97% of all threat detections were flagged as
Win32/PSW.OnLineGames. This identifier denotes a family of Trojans with keylogging
and rootkit capabilities, used to gather login credentials and other information relating
to online games and send it to a remote attacker’s PC.
2. Win32/Adware.Virtumonde
Previous Ranking: 3
Percentage Detected: 5.49%
This detection represents a family of “potentially unwanted” applications used to deliver
advertisements to users’ PCs. Among other actions, while running, it may open multiple
windows containing unwanted advertising material, and it can be very difficult to
automate removal completely.
3. INF/Autorun
Previous Ranking: 1
Percentage Detected: 5.34%
This detection label is used to describe a variety of malware using the file autorun.inf as a
way of compromising a PC. This file contains information on programs meant to run
automatically when removable media (often USB flash drives and similar devices) are
inserted into a computer. ESET NOD32 identifies malware that installs or modifies
autorun.inf files heuristically as INF/Autorun when it isn’t identified as a member of a
more specific family of malware. This group has been our top detection for the past few
months, and still registers strongly: in fact, its repositioning may be partly due to the fact
that the way we report the number one and number two threats has been changed
slightly. However, we think it’s probably more useful to report the trend rather than the
detail of how prevalent individual variants and variant families are.
4. Win32/Pacex.Gen
Previous Ranking: 8
Percentage Detected: 1.65%
The Pacex.gen label designates a wide range of malicious files that use a specific
obfuscation layer. This obfuscation layer has been seen in use mostly in password
stealing Trojans. The .gen suffix means “generic”: that is, the label covers a number of
known variants and may also detect unknown variants with similar characteristics.
5. Win32/Adware.SearchAid
Previous Ranking: 5
Percentage Detected: 1.64%
Characteristically, this type of program is used to direct a browser to display pop-up ads,
and is installed as part of the licensing requirements of another application.
6. Win32/Toolbar.MywebSearch
Previous Ranking: 7
Percentage Detected: 1.35%
This is another Potentially Unwanted Application. In this case, it's a toolbar which
includes a search function that directs searches through MyWebSearch.com, so as to
expose the user to advertising material.
7. Win32/IRCBot.AAH
Previous Ranking: 6
Percentage Detected: 1.31%
The IRCBot.AAH malware family is a group of bot variants commonly used by bot
controllers to gain control of PCs. This malware communicates with and is controlled by
the attacker’s system using the IRC protocol. It copies itself to
C:\windows\system32\IEXPLORES.exe and adds a registry key so that it will be launched
every time the infected system reboots.
8. Win32/Qhost
Previous Ranking: 32
Percentage Detected: 1.09%
The Qhost label designates a group of Trojans that modify the DNS settings on an
infected machine so as to change the way that domain names are mapped to IP
addresses. This is often done so that the compromised machine can’t connect to a
security vendor’s site to download updates, or to redirect attempts to connect to one site
so that another is accessed instead.
9. JS/TrojanDownloader.Wimad.N
Previous Ranking: Unknown
Percentage Detected: 0.76%
This is a common example of a Trojan downloader, a malicious program that tries to
download and execute/install another malicious program from a web site. In this case,
the downloaded program is usually spyware passed off as an MP3 player.
10. Win32/Agent
Previous Ranking: 5
Percentage Detected: 0.75%
ESET NOD32 uses this generic detection to pick up a wide range of malicious programs,
as they are part of a family that steals user information from infected PCs.
This malware usually copies itself into temporary locations and adds keys to the registry
so that this file (or similar ones created randomly in other operating system folders) will
launch the malicious process at every system startup.
Source: http://www.eset.ie/
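
Added example (not part of the ESET report or the original post): a small Python audit for the autorun.inf mechanism described under INF/Autorun, listing the entries in a file that would launch a program when the media is inserted or opened. The function names, the sample file contents and the extension list are assumptions made for this illustration.

```python
import re

# Keys in the [autorun] section that name a program to launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Extensions treated as directly runnable (this example's own choice).
RUNNABLE = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

def audit_autorun(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # junk padding or another section
        key, value = (part.strip() for part in line.split("=", 1))
        if EXEC_KEYS.match(key) and value:
            findings.append((key.lower(), value))
    return findings

def target_of(command):
    """Extract the program path from a command, ignoring arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def executable_targets(findings):
    """Keep only entries whose target is a runnable file type."""
    return [(k, v) for k, v in findings
            if target_of(v).lower().endswith(RUNNABLE)]

# Constructed sample: junk lines around real keys, as a tolerant parser must expect.
SAMPLE = """\
;xYzJunkPadding
[AutoRun]
asdkfjqwe
open=RECYCLER\\tool.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command = RECYCLER\\tool.exe
shell\\explore\\command="docs\\readme.txt"
label=Backup
"""

if __name__ == "__main__":
    for key, cmd in executable_targets(audit_autorun(SAMPLE)):
        print(f"{key} -> {cmd}")
```

A hit is not a verdict on its own, since legitimate installers also use open= with an executable; it identifies which file on the media deserves a scan before the drive is trusted.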