Defend what you create

Other Resources


My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to news

January 2007 virus review by Doctor Web, Ltd.

February 1, 2007

The beginning of 2007 demonstrated that virus writers hadn’t meant to hang around during New Year holidays. They were inventing new traps for users – such as spam letters offering a video of Saddam Hussein’s execution which took place on December 30th, 2006 in secrecy. Later on there emerged some mobile-made shots of it. A few malware upgrades, classified by Doctor Web, Ltd. experts as Trojan.DownLoader.17224, spread over the world. Being run, these malware downloaded and executed confidential information stealers – Trojan.PWS.Banker.6321, Trojan.PWS.Banker.6322, Trojan.PWS.Banker.6276. Since the video is run by media-player, users may simply have no notion about the information leak.

Another spam video, detected by Dr.Web Anti-virus as BackDoor.Groan, Trojan.Spambot, has proved the increased popularity of spread in spam political plots. According to mail servers’ statistics, e-mails with BackDoor.Groan comprise 87-90% of the whole infected traffic. Being run, the attached file adds to the infected system a driver, which further on downloads other malware. In addition BackDoor.Groan is able to run in peering systems, formed to manage certain hosts of the web, as well as initiate unauthorized downloads and launch of files on infected computers.

The malware downloaded by BackDoor.Groan has been regularly upgraded during quite a long term. As statistics quotes, the upgrades took place twice a day, making their detection even more difficult.

Yet, showy political headlines are not out of the ordinary. Remember Internet worm Win32.Dref, which copies spread all over the world with nuclear war alarm in the headline in November 2006.

Creators of Win32.HLLM.Limar mail worm released new upgrades of their "off-spring" on January 15th and 23rd , as if congratulating users and anti-virus companies on the New Year and celebrating the malware 5 months anniversary in this way. Several versions of the network-aware worm of the Chinese origin infecting exe-files, classified by Dr.Web Anti-virus as Win32.HLLP.Whboy, were detected in January, too by experts of Doctor Web, Ltd. Some of the versions had only a propagating function, without exe-files infecting mechanism. The warm resulted in local epidemics all around of North Korea and in some USA and European regions. Win32.HLLP.Whboy propagates through vulnerabilities in browsers when a user visits a specially designed web-page. In addition to its diffusion on the web, the worm copies itself onto movable media, if there are any connected to it at the moment of infection.

Virus statistics by Doctor Web, Ltd. in January, 2007

6368 entries were added to Dr.Web virus database in January, 2007.

Find below a short summary table of online check in January:

Virus name Quantity
Win32.HLLM.Limar.based 416
Trojan.Spambot 307
Win32.HLLM.Wukill 222
Win32.HLLM.Beagle 141
Win32.HLLW.Limar 143
Trojan.Popuper 128
VBS.Psyme.239 121
Win32.Sector.28682 58
Win32.HLLM.Perf 57
Trojan.Packed.2 42

Below goes a table of the most frequently detected viruses in mail servers and networks protected by Dr.Web Enterprise Suite in January, 2007:

Virus name Percentage rate
Trojan.Bankfraud.272 22.47
BackDoor.Groan 12.48
Win32.HLLM.Limar.based 10.92
Win32.HLLM.Beagle 8.89
Win32.HLLM.Perf 6.98
Win32.HLLP.Sector 6.42
Win32.HLLM.Netsky.35328 5.41
Trojan.Packed.4 4.03
Win32.HLLM.MyDoom.based 3.06
Win32.HLLM.Netsky.based 2.93
Trojan.DownLoader.17767 2.04
Win32.HLLM.MyDoom.33808 1.46
Trojan.Spambot 1.44
Win32.HLLM.Graz 0.87
Trojan.Packed.3 0.81
Trojan.Packed.5 0.75
Program.RemoteAdmin 0.61
Win32.HLLM.MyDoom.49 0.60
Win32.HLLM.Limar 0.58
Exploit.MS05-053 0.53
Other malware 6.72

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124