
February 2007 virus review by Doctor Web

March 04, 2007

Last February was marked by a confrontation between two teams of virus writers: Win32.Dref creators competed with those of Win32.HLLM.Limar for access to users’ computers.

Win32.HLLM.Limar, a mail worm that peaked in autumn 2006 with new modifications springing up every other day, is gradually giving way to Win32.Dref. On an infected system, Win32.Dref sets up a driver, detected by Dr.Web Antivirus as BackDoor.Groan, and a number of other malicious programs used for self-dissemination and for DDoS attacks targeting both the websites of anti-spam adherents and the spreaders of Win32.HLLM.Limar.

In addition, Win32.Dref modules are regularly updated with modified packers, which makes their detection even more difficult. To cope with this, special signature records have been added to the Dr.Web virus definitions database, allowing Win32.Dref to be detected regardless of the packer modification.

On the other hand, Win32.HLLM.Limar’s creators had to resort to frequent changes of their modules’ download links. Win32.HLLM.Limar became more active by the end of February, but triggered no large outbreak in the long run.

This confrontation is reminiscent of the notorious competition among Win32.HLLM.Beagle, Win32.HLLM.Netsky and Win32.HLLM.MyDoom, which fought for the virus Olympus throughout 2003-2004.

Naturally, virus writers did not let St. Valentine’s Day pass unmarked. A few modifications of Trojans, classified by Dr.Web as Trojan.MulDrop.5549 and Trojan.MulDrop.5550, were sent to users as holiday postcards. When opened, they resulted in a leak of all system passwords.

As Secunia reports, numerous vulnerabilities were found in Microsoft Internet Explorer, Microsoft Malware Protection and Microsoft Word. These vulnerabilities are regarded as critical since they allow arbitrary code to be run on a targeted desktop. On the whole, a virus situation like this is no longer out of the ordinary. It keeps timely patching of vulnerable components at the center of countermeasures.

Virus statistics by Doctor Web, Ltd. in February, 2007

6990 entries were added to the Dr.Web virus database in February 2007. Below is a short summary table of the monthly online virus scan results at online.drweb.com.

| Virus name | Quantity |
|---|---|
| Trojan.Isbar.13 | 289 |
| Win32.HLLM.Limar | 273 |
| Win32.HLLM.Wukill | 141 |
| Trojan.Virtumod | 96 |
| VBS.Psyme.239 | 92 |
| Trojan.Peflog.31 | 77 |
| Trojan.Peflog.30 | 70 |
| Win32.HLLM.Beagle | 69 |
| Win32.HLLW.MyBot | 35 |
| Trojan.Packed.14 | 31 |

Virus detection in February '07 at mail servers and in networks protected by Dr.Web Anti-virus:

| Virus name | % of the overall quantity |
|---|---|
| Trojan.Bankfraud.272 | 21.44 |
| Win32.HLLM.Beagle | 11.11 |
| Win32.HLLM.Perf | 7.84 |
| Win32.HLLP.Sector | 7.65 |
| Win32.HLLM.Netsky.35328 | 6.32 |
| Trojan.Packed.8 | 6.12 |
| Trojan.Packed.14 | 5.04 |
| Win32.HLLM.MyDoom.based | 4.43 |
| Win32.HLLM.Netsky.based | 3.53 |
| Win32.HLLM.Limar | 3.44 |
| Trojan.Packed.11 | 2.67 |
| Trojan.Packed.10 | 2.64 |
| Win32.HLLM.MyDoom.49 | 2.62 |
| Win32.HLLM.MyDoom.33808 | 1.86 |
| Trojan.Packed.12 | 1.48 |
| Win32.HLLM.Graz | 1.31 |
| Win32.Parite.1 | 0.93 |
| Win32.HLLM.Limar.based | 0.66 |
| Exploit.IframeBO | 0.52 |
| Trojan.Packed.18 | 0.43 |
| Other malware | 7.96 |


