My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

March 2008 virus activity review from Doctor Web, Ltd.

April 2, 2008

The virus monitoring service of Doctor Web, Ltd. has analyzed viral activities in March 2008.

The variation of the malware that writes itself to the MBR and uses rootkit technologies to hide its presence in the system (now often called a bootkit) surely became the event of the month. The bootkit entered the Dr.Web database as BackDoor.MaosBoot with its dropper added as Trojan.Packed.370. The creators of the malware tried to make it extremely difficult for an anti-virus to cure the bootkit, however, once again Dr.Web anti-virus has proven its high technology — the latest Dr.Web scanner version features a unique algorithm for detection and curing BackDoor.MaosBoot without resorting to any advanced system tools.

Strange as it seems, but spreading Trojan.PWS.LDPinch.1941 via ICQ also became an event worth mentioning. Doctor Web, Ltd. support staff received a lot of messages on infection by the Trojan from users. Morever, the Trojan executable was modified several times to avoid detection by anti-virus applications but all the variations were promptly added to the Dr.Web database.

The new social engineering trick used to lure a user into downloading the malware should also be mentioned — a reply-message from a recruiting company offering to enter personal data in a special form and providing a link to the "form”. Actually the "form" is a malicious program detected by Dr.Web ainti-viruses as Trojan.Sentinel. Spam
Apart from messages used to spread malware March saw offerings of spam mailing based on addresses databases of Russia, Ukraine and other CIS countries or tax evasion schemes and construction companies advertising which prevailed over other subjects.

March 2008 virus statistics

Table 1. 20. Most prevailing viruses detected on mail servers

 01.03.2008 - 31.03.2008 
1Win32.HLLM.Netsky.35328105766 (27.39%)
2Win32.HLLM.Beagle41605 (10.77%)
3Win32.HLLM.Netsky.based31333 (8.11%)
4Win32.HLLM.Netsky27742 (7.18%)
5Win32.HLLM.MyDoom.based24745 (6.41%)
6Win32.HLLW.Autoruner.43724194 (6.27%)
7BackDoor.Bulknet.16021230 (5.50%)
8Exploit.MS05-05312839 (3.33%)
9Win32.HLLP.Sector10941 (2.83%)
10Win32.HLLM.Oder9966 (2.58%)
11Win32.HLLM.Perf9901 (2.56%)
12Win32.HLLM.MyDoom.338089132 (2.36%)
13Win32.Virut5844 (1.51%)
14Win32.HLLM.Netsky.240644936 (1.28%)
15Win32.HLLM.Netsky.280083885 (1.01%)
16Win32.HLLM.Limar.22463389 (0.88%)
17Win32.HLLM.MyDoom.332706 (0.70%)
18Win32.HLLM.MyDoom.544642577 (0.67%)
19Win32.HLLM.Beagle.271362471 (0.64%)
20Win32.HLLM.Netsky.286722413 (0.62%)

Table 2. 20 Most prevailing viruses detected on users` computers.

 01.03.2008 - 31.03.2008 
1Trojan.Click.17013616364 (20.89%)
2DDoS.Kardraw450246 (15.26%)
3Win32.HLLW.Autoruner.437172355 (5.84%)
4Win32.HLLM.Generic.440111179 (3.77%)
5Trojan.Inject.54487221 (2.96%)
6VBS.Igidak70310 (2.38%)
7Win32.HLLP.Jeefo.3635257627 (1.95%)
8Win32.HLLW.Autoruner.27456683 (1.92%)
9VBS.Generic.54847483 (1.61%)
10Win32.HLLM.Perf46448 (1.57%)
11BackDoor.Aimbot44304 (1.50%)
12Win32.HLLP.PissOff.3686443343 (1.47%)
13Trojan.Recycle37074 (1.26%)
14Win32.HLLM.Lovgate.235061 (1.19%)
15Win32.HLLM.RoRo34935 (1.18%)
16Win32.HLLP.Zurx33725 (1.14%)
17Win32.Alman33487 (1.13%)
18Win32.HLLP.Neshta26549 (0.90%)
19Win32.HLLW.Autoruner.142226026 (0.88%)
20Adware.BitAcc24331 (0.82%)

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments