October 1, 2007
The Virus Monitoring Service of Doctor Web, Ltd. reports on virus events in September 2007.
Compared with other months, the virus environment in September stayed relatively calm. Trojan.Packed.142, the so-called Storm Worm, spread under yet another set of headlines, offering users a download of a free game, an NFL online player, or the Tor program for anonymous web surfing. Such a disguise is a conventional demonstration of social engineering. The latest distributions of Storm Worm turned out to be less large-scale than the initial ones, disguised as postcards and aiming at frequent updates of the distributed program. Trojan.Packed.142 turned infected computers into bots in a P2P network, and as a result they started distributing spam or launching DDoS attacks against targeted anti-spam agencies.
Another virus event that did not escape public attention was a new worm classified as Win32.HLLW.Crazy. It spread via Skype and flash drives, following the Win32.HLLW.Autoruner and Win32.HLLW.Sishen worms and the like.
Win32.HLLM.Beagle became more active, but its distribution was far from epidemic. The new modification of Win32.HLLM.Beagle has the same functionality as last year's, but uses a different packer for its program modules.
Trojan.Plastix updates should be noted, too. If your computer is infected by Trojan.Plastix, you’re welcome to contact Technical Support Service of Doctor Web, Ltd. to recover your system from the malware.
September 2007 spam review
A new method of evading spam filters appeared and faded within a few days: placing sets of meaningless symbol combinations such as ":", "\", "(", ")" in the message instead of the conventional text decimation or replacement of certain letters with symbols.
English pharmacological spam and software offers have noticeably increased in volume.
Russian spam remains the most diverse, ranging from website promotion offers and heating systems or climate control offers to spam-distribution offerings and the like.
16316 entries were added to the Dr.Web virus database in September 2007.
Below is a short summary table of online check results for this month:
Virus name | Quantity |
---|---|
VBS.Psyme.239 | 1493 |
Trojan.SCKeyLog.209 | 311 |
VBS.PackFor | 223 |
Trojan.PWS.LDPinch | 135 |
Trojan.Packed.142 | 134 |
Trojan.Peflog.31 | 127 |
Trojan.Packed.166 | 114 |
Win32.HLLM.Wukill | 90 |
Win32.HLLW.Crazy | 78 |
Trojan.PWS.Gamania | 43 |
Here is also a summary table of viruses detected by Dr.Web on mail servers in September 2007:
Virus name | % of total quantity |
---|---|
Win32.HLLM.Netsky.35328 | 22.72 |
Win32.HLLM.Graz | 12.84 |
Win32.HLLM.MyDoom.based | 8.99 |
Win32.HLLM.Beagle | 8.23 |
Win32.HLLM.Netsky | 7.22 |
Win32.HLLM.Netsky.based | 5.81 |
Win32.HLLM.Limar.based | 4.69 |
Win32.HLLP.Sector | 3.67 |
Win32.HLLM.Perf | 3.01 |
Exploit.MS05-053 | 2.66 |
Win32.HLLM.Oder | 1.85 |
Win32.HLLM.MyDoom.33808 | 1.80 |
Win32.LazyAdmin.32768 | 1.59 |
Trojan.DownLoader.32557 | 1.20 |
Win32.HLLM.Beagle.pswzip | 1.00 |
BackDoor.IRC.Sdbot.1933 | 0.88 |
Win32.HLLM.Netsky.24064 | 0.78 |
Win32.HLLM.Netsky.41985 | 0.72 |
Win32.HLLM.Netsky.28008 | 0.65 |
BackDoor.Bulknet.61 | 0.63 |
Other malware | 9.06 |