
February virus activity review by Doctor Web, Ltd.

March 4, 2008

February didn’t see any new malware in the wild. From the end of January until mid-February, Trojan.Packed.357 was being sent out as St. Valentine's Day greetings. Unlike other malicious programs, the Trojan's executable packer is constantly being changed, and the authors of the malicious program also resort to various social engineering techniques to lure users into launching the executable. Once launched, it places a driver with a random name in the Windows installation directory and installs it; the Dr.Web virus database lists the driver as Trojan.Spambot.2569. A corresponding entry is also added to the Windows registry. In addition, the malware creates a P2P network configuration file on the hard drive and writes its code to %systemroot%\system32\services.exe. It then opens random UDP ports and sends requests to remote hosts; upon receiving a reply, it starts sending out spam.

We’d also like to mention spam messages with the following subject lines: "NEW Full mpeg4 Veronika Zemanova", "NEW Stunning video with a naked celebrity Beyonce", "NEW New sexy songs Salma Hayek", "Stunning video Carmen Electra", "Shocking porno dvd Meg Ryan", "Interesting porno Jennifer Lopez".

Such messages provided a link to download an executable detected by Dr.Web anti-virus as Trojan.DownLoader.49038.

One more spam mailing contained [postcdard.ru] in its subject and mainly targeted Russian-speaking users. The message offered a link to a greeting card. Following the link triggered the download of Trojan.DownLoader.35394. Once launched, the Trojan downloaded additional malware used to send out spam.

February spam activity summary

Apart from the unsolicited mail mentioned above, a new spam mailing with messages offering downloads of commercial software also emerged. The share of business-related messages and of offers of spam mailings based on mailing databases of the CIS has increased.

Statistics

15700 entries have been added to the Dr.Web virus database in February 2008.

Table 1: February 2008. Top viruses detected on mail servers

 #   Virus                      Detections   Share
 1   Win32.HLLM.Netsky.35328         78566   30.60%
 2   Win32.HLLM.Beagle               24743    9.64%
 3   Win32.HLLM.Netsky               24111    9.39%
 4   Win32.HLLM.Netsky.based         18699    7.28%
 5   Win32.HLLM.MyDoom.based         18031    7.02%
 6   Exploit.MS05-053                 9163    3.57%
 7   Win32.HLLM.Perf                  8470    3.30%
 8   Win32.HLLM.MyDoom.33808          8073    3.14%
 9   Win32.HLLM.Oder                  7634    2.97%
10   Win32.HLLM.Limar.2246            5745    2.24%
11   Win32.HLLP.Sector                4762    1.85%
12   BackDoor.Bulknet.145             3968    1.55%
13   Win32.HLLM.Netsky.24064          3606    1.40%
14   BackDoor.Bulknet.160             3144    1.22%
15   Win32.HLLM.Netsky.28008          2912    1.13%
16   Win32.Virut                      2911    1.13%
17   BAT.310                          2509    0.98%
18   Win32.HLLM.MyDoom.33             2077    0.81%
19   Win32.Alman                      1633    0.64%
20   Win32.HLLM.Netsky.28672          1412    0.55%

Table 2: February 2008. Top viruses detected on workstations

 #   Virus                        Detections   Share
 1   DDoS.Kardraw                     929600    8.95%
 2   Win32.HLLM.Generic.440           225226    2.17%
 3   Win32.HLLM.Lovgate.2             208820    2.01%
 4   Win32.HLLW.Krepper               142608    1.37%
 5   VBS.Igidak                       129691    1.25%
 6   Win32.HLLW.Autoruner.437         109673    1.06%
 7   Win32.HLLP.Sector                 93245    0.90%
 8   Win32.HLLP.Jeefo.36352            88048    0.85%
 9   Win32.HLLW.Autoruner.274          85987    0.83%
10   Trojan.Inject.544                 78436    0.76%
11   Trojan.Recycle                    74398    0.72%
12   Win32.Sector.4                    73113    0.70%
13   Trojan.Click.17013                72738    0.70%
14   Trojan.AppActXComp                69827    0.67%
15   Win32.HLLW.Autoruner.1053         68579    0.66%
16   Win32.HLLM.RoRo                   64822    0.62%
17   Win32.HLLW.Autoruner.1408         62208    0.60%
18   Trojan.Landa                      62196    0.60%
19   Win32.Alman                       61227    0.59%
20   Win32.HLLW.Autoruner.1268         58046    0.56%


