Computer viruses in April

While Hungary's political landscape underwent a landslide shift in last month's elections, the malware picture remained basically the same. According to VirusBuster's latest stats, just like in March, Hungarian PC users were bombarded by trojans designed to download fake antivirus programs.

The Hungary-based specialist of IT security continuously monitors virus occurrence and activity. Data from VirusBuster's mail protection systems -- in-house and externally deployed alike -- is collected and processed. VirusBuster uses the results to generate monthly statistics of the most frequent infections. These monthly virus toplists are published on the company's website as well (http://www.virusbuster.hu/en/viruslab/virus-toplist).

"April basically repeated the malware trend we observed in March", says Gábor Szappanos, the head of VirusBuster's virus lab. "Hungarians were mostly harrassed by trojans designed to download fake antivirus applications onto the victim's machine."

Trojans are malicious programs, which got their name from the legendary wooden horse built by the Greeks to defeat Troy: They pretend to serve users, but in fact they are designed to cheat their victims. The trojans on VirusBuster's toplist set off (fake) alarm bells warning the user of a virus infection, and then download a rogue antivirus application. The downloaded program promises to clean the machine, but, in reality, either does nothing (the better option), or starts some malicious activity. The user is often charged for such a download, so these trojans are, in fact, tools for fraud. They mostly come in e-mail attachments. Spammers disguise them as some useful file, such as an order confirmation. But beware! Opening the attachment launches the infection mechanism.

Cybercriminals have even targeted e-mail addresses at Hungary's leading bank, OTP, among others, with such trojan loads. Within less than a month, OTP's name was abused in two waves of this kind of attack. On both occasions, the bank issued a warning on its home page. According to the advisory, fake "otpbank.hu account notification" messages have been sent to hundreds of inboxes. The bank added that they had taken the necessary security and legal steps.

OTP Bank was by no means the only target. According to Gábor Szappanos, several waves of similar messages hit the net in April. The e-mails, which distributed a trojan, had the addressee's domain on their subject line, followed by the expression "account notification".

VirusBuster's malware toplist for April 2010: