The top 10 most prevalent malware threats for the month of September were:

  1. Trojan.Win32.Generic!BT           23.54%
  2. Trojan-Spy.Win32.Zbot.gen      4.27%
  3. Trojan.Win32.Generic!SB.0       4.06%
  4. Trojan.Win32.Generic.pak!cobra 3.04%
  5. INF.Autorun (v)                              2.3%
  6. Worm.Win32.Downad.Gen (v)  1.44%
  7. Trojan.HTML.FakeAlert.e (v)   1.09%
  8. PlaySushi                                           1.08%
  9. FraudTool.Win32.FakeAV.gen!droppedData (v) 0.91%
  10. Trojan.Win32.Malware.a            0.83%

GFI VIPRE ThreatNet™ statistics for the month of September show a staggeringly consistent attack primarily by the same Trojan horse programs that have persisted for several months. Several of the top threats were unchanged from the past two months. Trojans detected as Trojan.Win32.Generic!BT were still the chief detection, slightly down to 23.54 percent of total detections. This generic detection includes more than 120,000 traces of malicious applications and has been in the top spot for many months: in August, with 25.11 percent, in July with 29.08 percent and in June with 27.16 percent of the total detections.

The number two detection has not changed rankings from last month either. Trojan-Spy.Win32.Zbot.gen is a detection of password-stealing Trojans with many versions. The third largest detection, Trojan.Win32.Generic!SB.0, moved up from fifth place last month and is the generic detection for password-stealing Trojan horse programs. These install key loggers which record keystrokes and send the data to the malicious operators who distribute the malware.

“These detections are evidence of the activities of botnet operators. They use their networks to pump out the spam that’s intended to infect machines,” said Francis Montesino, manager of the malware processing team, GFI Labs.

“Trojan.HTML.FakeAlert.e (v), which is in the number seven spot, is a detection for malicious Web pages that display false warnings to scare victims into downloading malware – commonly referred to as rogue security products or “scareware,” said Tom Kelchner, research center manager, GFI Labs. “We’re seeing a steady flow of new rogues too – one or two per week. Judging by our ThreatNet reports, VIPRE installations are stopping a lot of the rogue downloaders.”

The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, GFI’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by GFI Labs. The majority of these threats propagate through stealth installations or social engineering.

The report of the top 10 most prevalent malware threats for the month of September 2010 is compiled from monthly scans performed by our award-winning anti-malware solution, VIPRE® Antivirus, and our antispyware tool, CounterSpy®, and is a service from GFI Labs™.