Computer viruses in May
May's rather chilly spring weather in Hungary seems to have been a fertile environment for the rebirth of an old file-infecting virus. The background of last month's malware landscape was dominated by botnet-related malicious programs and rogue antivirus attacks, VirusBuster's stats reveal.
The Hungary-based IT security specialist continuously monitors virus occurrence and activity. Data from VirusBuster's mail protection systems -- in-house and externally deployed alike -- is collected and processed. VirusBuster uses the results to generate monthly statistics of the most frequent infections. These monthly virus toplists are published on the company's website as well (http://www.virusbuster.hu/en/viruslab/virus-toplist).
"An interesting finding in May's catch was Win32.Sality.BE. This file-infecting virus was first detected last November. Now it resurfaced, with over 4% share. In most cases, it landed in our traps designed for botnet trojans. Obviously, it infected botnet machines, and got distributed by them", explained Gábor Szappanos, the head of VirusBuster's virus lab. "Otherwise, Hungary's malware landscape remained basically the same. We saw the usual high number of botnet-related malicious programs (Backdoor.Nepoe.IF, Worm.Rbot.MCG, TrojanSpy.Bredolab.CCA), and many rogue antivirus attacks (Trojan.Wigon.AE, Trojan.Kryptik.QGV, Trojan.VBKrypt.ALR, Trojan.Sasfis.JFU), though the share of the latter was somewhat lower in May than in the previous months", he said.
Botnets (short for robot networks) are networks of unknowing victim PCs (called zombies) controlled by hackers. Users should get rid of botnet malware as soon as possible, since otherwise they may become accomplices in the cybercriminals' activities, warned Gábor Szappanos.
Trojans are malicious programs that got their name from the legendary wooden horse built by the Greeks to defeat Troy: they pretend to serve users, but in fact they are designed to cheat their victims. The trojans on VirusBuster's toplist set off (fake) alarm bells warning the user of a virus infection, and then download a rogue antivirus application. The downloaded program promises to clean the machine, but, in reality, either does nothing (the better option), or starts some malicious activity. The user is often charged for such a download, so these trojans are, in fact, tools for fraud. They mostly come in e-mail attachments. Spammers disguise them as some useful file, such as an order confirmation. But beware! Opening the attachment launches the infection mechanism.
VirusBuster's malware toplist for May 2010:
| Malware | Share (%) |
|---|---|
| Trojan.Wigon.AE | 22,95% |
| Backdoor.Nepoe.IF | 18,95% |
| Trojan.Kryptik.QGV | 10,07% |
| Backdoor.Nepoe.DL | 7,81% |
| Worm.Rbot.MCG | 5,21% |
| TrojanSpy.Bredolab.CCA | 4,77% |
| Win32.Sality.BE | 4,05% |
| Trojan.VBKrypt.ALR | 2,73% |
| Trojan.Sasfis.JFU | 2,53% |
| Backdoor.Nepoe.IJ | 1,88% |
| Other: | 19,04% |
