Monthly Malware Statistics: November 2008


Two Top Twenties have been compiled from data provided by the Kaspersky Security Network in November 2008. The first Top Twenty is made up of those malicious programs most frequently detected on users’ computers by the 2009 antivirus products.


| Position | Change in position | Name |
|---|---|---|
| 1 | 3 | Virus.Win32.Sality.aa |
| 2 | 0 | Packed.Win32.Krap.b |
| 3 | New | Trojan-Downloader.WMA.GetCodec.c |
| 4 | -1 | Worm.Win32.AutoRun.dui |
| 5 | 3 | Trojan-Downloader.Win32.VB.eql |
| 6 | New | Worm.Win32.AutoRun.rja |
| 7 | 0 | Packed.Win32.Black.a |
| 8 | New | Exploit.JS.RealPlr.nn |
| 9 | New | Trojan-Downloader.JS.Tabletka.a |
| 10 | -5 | Trojan-Downloader.JS.IstBar.cx |
| 11 | -1 | Trojan.Win32.Agent.abt |
| 12 | New | Trojan-Downloader.Win32.Agent.anje |
| 13 | 2 | Virus.Win32.VB.bu |
| 14 | New | Worm.Win32.Mabezat.b |
| 15 | New | Worm.Win32.AutoRun.eee |
| 16 | 0 | Email-Worm.Win32.Brontok.q |
| 17 | -8 | Virus.Win32.Alman.b |
| 18 | -7 | Worm.VBS.Autorun.r |
| 19 | New | Trojan-Downloader.JS.Iframe.yp |
| 20 | New | Trojan.Win32.Autoit.ci |

In November, Sality.aa made it to the top of the table. There has been a sharp increase in the number of computers infected by this malicious program during the last two months, and last month’s prediction – that an epidemic was looming – has come true, with new versions of the virus appearing several times a week.

This month GetCodec.c fulfils a similar function to that of Wimad.n last month – it exploits a documented but little-known feature of the ASF format. Given that multimedia is an inseparable part of today’s electronic world, there are good grounds to expect that other, similar malicious programs will appear.

There are two new script downloaders in the rankings – Trojan-Downloader.JS.Tabletka.a and Trojan-Downloader.JS.Iframe.yp – along with three worms, two of which are from the Autorun family, which is expanding by leaps and bounds. Given the effectiveness with which Autorun worms propagate, we can only expect an increase in the number of machines infected by these programs. Incidentally, the third new worm, Mabezat.b, leads our second Top Twenty.

All the malicious, advertising and potentially unwanted programs which are included in the Top Twenty can be grouped into three broad classes. The share taken by Trojan programs has dropped another 10%, with the share of self-replicating programs growing from 30% to 45%, a fact which is both significant and alarming.
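The class shares quoted above can be recomputed from the detection names in the first table. The following is an added example, not part of the original report: it parses each name as Behaviour.Platform.Family[.variant] and groups by behaviour prefix. The report does not name its three classes, so the mapping and the label "other" are assumptions.

```python
from collections import Counter

# First Top Twenty, copied from the table on this page.
TOP_TWENTY = """
Virus.Win32.Sality.aa Packed.Win32.Krap.b Trojan-Downloader.WMA.GetCodec.c
Worm.Win32.AutoRun.dui Trojan-Downloader.Win32.VB.eql Worm.Win32.AutoRun.rja
Packed.Win32.Black.a Exploit.JS.RealPlr.nn Trojan-Downloader.JS.Tabletka.a
Trojan-Downloader.JS.IstBar.cx Trojan.Win32.Agent.abt
Trojan-Downloader.Win32.Agent.anje Virus.Win32.VB.bu Worm.Win32.Mabezat.b
Worm.Win32.AutoRun.eee Email-Worm.Win32.Brontok.q Virus.Win32.Alman.b
Worm.VBS.Autorun.r Trojan-Downloader.JS.Iframe.yp Trojan.Win32.Autoit.ci
""".split()

# Assumption: behaviours that end in Virus or Worm count as self-replicating.
SELF_REPLICATING = {"Virus", "Worm"}


def parse_name(name):
    """Split 'Behaviour.Platform.Family[.variant]' into a 4-tuple."""
    parts = name.split(".")
    if len(parts) < 3:
        raise ValueError(f"unexpected detection name: {name!r}")
    behaviour, platform, family = parts[:3]
    variant = parts[3] if len(parts) > 3 else ""  # e.g. Net-Worm.Win32.Nimda
    return behaviour, platform, family, variant


def broad_class(name):
    """Map a detection name to one of three broad classes (labels assumed)."""
    pieces = parse_name(name)[0].split("-")
    if pieces[-1] in SELF_REPLICATING:   # Worm, Email-Worm, Net-Worm, P2P-Worm
        return "self-replicating"
    if pieces[0] == "Trojan":            # Trojan, Trojan-Downloader
        return "trojan"
    return "other"                       # Packed, Exploit


def class_shares(names):
    """Return the percentage share of each broad class in a ranking."""
    counts = Counter(broad_class(n) for n in names)
    return {cls: 100 * n / len(names) for cls, n in counts.items()}


if __name__ == "__main__":
    for cls, share in sorted(class_shares(TOP_TWENTY).items()):
        print(f"{cls}: {share:.0f}%")
```

Under this mapping the self-replicating share comes out at the 45% the report states.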

In total, 45,690 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers during November. There has been a steady increase in the number of threats found in the wild, with a final figure for the month of 6,500.

The second Top Twenty presents data on which programs most often infect objects detected on users’ computers. Naturally, this rating mainly contains malicious programs which are capable of infecting files.

| Position | Change in position | Name |
|---|---|---|
| 1 | 0 | Worm.Win32.Mabezat.b |
| 2 | 1 | Virus.Win32.Sality.aa |
| 3 | 1 | Net-Worm.Win32.Nimda |
| 4 | -2 | Virus.Win32.Xorer.du |
| 5 | 1 | Virus.Win32.Parite.b |
| 6 | 1 | Virus.Win32.Virut.n |
| 7 | -2 | Virus.Win32.Alman.b |
| 8 | 0 | Virus.Win32.Sality.z |
| 9 | 1 | Virus.Win32.Small.l |
| 10 | 2 | Email-Worm.Win32.Runouce.b |
| 11 | -2 | Virus.Win32.Virut.q |
| 12 | 3 | Virus.Win32.Parite.a |
| 13 | 4 | Worm.Win32.Fujack.k |
| 14 | -1 | Worm.Win32.Otwycal.g |
| 15 | -1 | Virus.Win32.Hidrag.a |
| 16 | New | P2P-Worm.Win32.Bacteraloh.h |
| 17 | Return | Worm.VBS.Headtail.a |
| 18 | -2 | Trojan.Win32.Obfuscated.gen |
| 19 | 1 | Virus.Win32.Neshta.a |
| 20 | -2 | Trojan-Downloader.WMA.GetCodec.b |

There have been few changes in these rankings over the course of the month; a single new program, and one which returned to the rankings. This confirms the view voiced last month that the contents of this Top Twenty are relatively stable.

The new addition, a worm called Bacteraloh.h, was first detected by Kaspersky Lab in January 2007. This extremely old worm made it into the second ranking because it is used in some modifications of the Sality virus. And that virus family, as we have already noted, is very active at the moment.

Worm.VBS.Headtail.a, which fell off the bottom of the rankings in September, has now returned. As this malicious program has appeared and vanished from the rankings several times, it seems safe to say that its volatile behaviour will continue for some time.


