GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today announced the top 10 most prevalent malware threats for the month of November 2010. The report, compiled from monthly scans performed by GFI's award-winning anti-malware solution, VIPRE® Antivirus, and its antispyware tool, CounterSpy®, is a service of GFI Labs™.
As in recent months, Trojans dominated the threat landscape in November. ThreatNet data revealed that seven of the top 10 malware threats were classified as Trojans. The number-one detection, Trojan.Win32.Generic!BT, is a Trojan comprising over 20 percent of the ThreatNet detections.
Tom Kelchner, GFI Software communications and research analyst, said, "There is another picture in the top-10 numbers. Three of them go after applications or server software that hasn't been patched. The number six detection, Exploit.PDF-JS.Gen (v), tries to exploit a security flaw in PDF files with embedded JavaScript. That's aiming at Adobe products. It often installs downloaders that pull down other malware from remote Web sites."
Worm.Win32.Downad.Gen (v), the Downadup worm (also called Conficker and Kido) in the number seven spot, is a worm that spreads across a network by taking advantage of a vulnerability in the Windows Server service, which allows remote code execution when file sharing is enabled. This vulnerability was patched some time ago.
Trojan.ASF.Wimad (v), in the number nine spot, is a VIPRE detection for a group of Trojanized Windows media files that exploit an old vulnerability in Windows Media Player. It redirects the victim's browser to a web site to download malicious files. This is also an old vulnerability that's been fixed.
"If this malcode is still circulating, it means that the malcode writers are seeing a landscape with lots of unpatched and vulnerable machines. The conclusion is pretty clear for both enterprises and consumers: update Windows operating systems (including servers), browsers, Adobe products and media players and keep them updated," said Kelchner.
ThreatNet is GFI Labs' monitoring system that retrieves real-time data from VIPRE installations. Statistics come from tens of thousands of machines running VIPRE.
Top 10 detections for November
Detection                            Type                 Percentage
1. Trojan.Win32.Generic!BT           Trojan               22.44
2. Trojan-Spy.Win32.Zbot.gen         Trojan               3.88
3. Trojan.Win32.Generic.pak!cobra    Trojan               3.53
4. Trojan.Win32.Generic!SB.0         Trojan               3.46
5. INF.Autorun (v)                   Trojan               1.83
6. Exploit.PDF-JS.Gen (v)            Exploit              1.45
7. Worm.Win32.Downad.Gen (v)         Worm.W32             1.42
8. Trojan.Win32.Malware.a            Trojan               0.83
9. Trojan.ASF.Wimad (v)              Trojan               0.76
10. Trojan.Win32.Meredrop            Trojan Downloader    0.68
About GFI Labs
GFI Labs, formerly known as SunbeltLabs, specialises in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.
About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organisations on a global scale. The company has offices in the United States, United Kingdom, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.