- Trojan.Win32.Generic!BT 25.11%
- Trojan-Spy.Win32.Zbot.gen 4.23%
- Trojan.Win32.Generic.pak!cobra 3.61%
- INF.Autorun (v) 3.27%
- Trojan.Win32.Generic!SB.0 2.01%
- BehavesLike.Win32.Malware (v) 1.04%
- Worm.Win32.Downad.Gen (v) 0.96%
- Trojan.Win32.Malware.a 0.93%
- Trojan.Win32.Meredrop 0.92%
- Exploit.PDF-JS.Gen (v) 0.84%
The report is compiled from monthly scans performed by our award-winning anti-malware solution, VIPRE® Antivirus, and its antispyware tool, CounterSpy®, and is a service of GFI Labs™.
GFI VIPRE ThreatNet™ statistics for the month of August show that our customers were under attack primarily by the same Trojan horse programs that have persisted for several months.
In fact, the top four threats were unchanged in order from July. Trojans detected as Trojan.Win32.Generic!BT were still the chief detection, slightly down to 25.11 percent of total detections. This particular Trojan detection has been in the top spot for some time: in July with 29.08 percent and in June with 27.16 percent of the total detections.
The number two detection, Trojan-Spy.Win32.Zbot.gen is a detection of password-stealing Trojans with many versions. The third largest detection, Trojan.Win32.Generic.pak!cobra, is a generic detection for a variety of malware that can infect 32- and 64-bit Windows installations.
“Detections of this malicious code indicate that botnet operators continue to try to infect machines and use them in their spamming networks,” said Francis Montesino, manager of the malware processing team, GFI Labs. “Our ThreatNet detections for the month also agree with other reports we’ve heard in the last few weeks that have found a high level of traffic in rogue security products. These are often referred to as scareware. We’re seeing a multitude of detections of the downloaders and installers that are associated with the rogues.
Montesino continued, “Our research group is analyzing new rogues too, but what we’re seeing through ThreatNet indicates that VIPRE is preventing these rogue downloads.”
The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, GFI’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by GFI Labs. The majority of these threats propagate through stealth installations or social engineering.
About GFI Labs
GFI Labs, formerly known as SunbeltLabs, specializes in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.