This month’s MSRT shows the following top ten most prevalent threat families as of May 19.  The newly added and blogged rogue family, Win32/Winwebsec, is ranked at #17 with 34,792 infected machines. 

| Family | Most Significant Category | Detections | Infected Machines | Ranking change |
|---|---|---|---|---|
| Win32/Taterf | Worms | 347,424 | 343,515 | = |
| Win32/Alureon | Miscellaneous Trojans | 256,998 | 248,341 | + |
| Win32/Frethog | Password Stealers and Monitoring Software | 96,922 | 95,581 | - |
| Win32/Bancos | Password Stealers and Monitoring Software | 97,389 | 92,565 | + |
| Win32/Koobface | Worms | 79,993 | 78,113 | + |
| Win32/Renos | Trojan Downloaders and Droppers | 76,304 | 75,118 | = |
| Win32/Cutwail | Trojan Downloaders and Droppers | 95,726 | 74,400 | - |
| Win32/Vundo | Miscellaneous Trojans | 67,322 | 65,233 | + |
| Win32/Virut | Viruses | 78,896 | 53,995 | + |
| Win32/Lolyda | Password Stealers and Monitoring Software | 54,871 | 51,050 | + |

A few key takeaways from this telemetry:

  • Of the top 10 threat families, six moved higher in ranking compared to last month.  Some of these six, like Alureon and Vundo, have been around for more than two years, while others, like Koobface (refer to the recent MMPC Koobface blog), have only been seen in the ecosystem for several months.  This indicates that each threat has its own lifecycle, and it appears that malware authors are sometimes willing to reinvest in their existing distributions instead of moving elsewhere.
  • Three of the top 10 are password stealer threats.  In fact there are five if you count the two worms, Taterf and Koobface, both of which have a critical payload of stealing user data.  Or consider it six: the Alureon trojan goes after users’ passwords and credit information as well.  Adding them together, there are 859,842 machines infected by password stealer threats, and that is counting only the top 10 threats.  Note this is not a direct sum, since some machines were infected by more than one of these threats.
  • Renos continues to be high on the list and is a major distribution channel for fake Antivirus programs.
  • Cutwail drops slightly but stays in the top 10.  This is a spambot that we’ve discussed in different venues including in the recent Waledac blog.

So, not much of a surprise, but worth taking note: identity theft, rogues and spammers take up much of the top 10.  Criminals are going after your wallet, especially during this recession. Be safe.  Make sure you have a firewall and an AV product installed on your system.

Scott Wu