My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Doctor Web, Ltd. September virus&spam review

October 1, 2007

Virus Monitoring Service of Doctor Web, Ltd. reports on virus events in September 2007.

Comparing to other months, in September the virus environment kept relatively calm. Trojan.Packed.142, or the so-called Storm Worm spread with another headline offering users to download a free game, or NFL on-line player, or the Tor program for anonymous web-surfing. Such a disguise is considered a conventional demonstration of social engineering technique. The latest distributions of Storm Worm turned out to be of less scalable than the initial ones, disguised as postcards and aiming at frequent updates of the distributed program. Trojan.Packed.142 turned infected computers into bots in a P2P-network and as a result they started distributing spam or launching DDoS-attacks against targeted anti-spam agencies.

Another virus event that failed to escape public attention was a new worm classified as Win32.HLLW.Crazy. It spread via Skype and flash-carriers following Win32.HLLW.Autoruner, Win32.HLLW.Sishen worms and the likes.

Win32.HLLM.Beagle turned more active but its distribution was far from epidemic. The new modification of Win32.HLLM.Beagle has the same functionality as that of the last year, however, with a different program modules’ packer.

Trojan.Plastix updates should be noted, too. If your computer is infected by Trojan.Plastix, you’re welcome to contact Technical Support Service of Doctor Web, Ltd. to recover your system from the malware.

September 2007 spam review

A new method of evading spam-filters by placing a set of senseless symbol-combinations like ":", "\", "(",")" instead of conventional text decimation or replacing certain letters by symbols flashed out and faded pretty soon within few days.

English pharmacological spam and software offers have noticeably increased in volume.

Russian spam proves the most diverse still, ranging from web-site promotional offers and heating systems or climate control offers to spam-distribution offerings and the likes.

16316 entries were added in September 2007 to Dr.Web virus database.

Below goes a short summary table of online check for this month:

Virus name Quantity
VBS.Psyme.239 1493
Trojan.SCKeyLog.209 311
VBS.PackFor 223
Trojan.PWS.LDPinch 135
Trojan.Packed.142 134
Trojan.Peflog.31 127
Trojan.Packed.166 114
Win32.HLLM.Wukill 90
Win32.HLLW.Crazy 78
Trojan.PWS.Gamania 43

Here is also a summary table of viruses detected by Dr.Web on mail servers in September, 2007:

Virus name % of total quantity
Win32.HLLM.Netsky.35328 22.72
Wi32.HLLM.Graz 12.84
Win32.HLLM.MyDoom.based 8.99
Win32.HLLM.Beagle 8.23
Win32.HLLM.Netsky 7.22
Win32.HLLM.Netsky.based 5.81
Win32.HLLM.Limar.based 4.69
Win32.HLLP.Sector 3.67
Win32.HLLM.Perf 3.01
Exploit.MS05-053 2.66
Win32.HLLM.Oder 1.85
Win32.HLLM.MyDoom.33808 1.80
Win32.LazyAdmin.32768 1.59
Trojan.DownLoader.32557 1.20
Win32.HLLM.Beagle.pswzip 1.00
BackDoor.IRC.Sdbot.1933 0.88
Win32.HLLM.Netsky.24064 0.78
Win32.HLLM.Netsky.41985 0.72
Win32.HLLM.Netsky.28008 0.65
BackDoor.Bulknet.61 0.63
Other malware 9.06

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments