SOURCE: BitDefender

January 31, 2008 08:03 ET

BitDefender Lab's Top 10 Malware List for January Reveals Domination of Malware Exploiting Microsoft Windows Graphics

Stealthier Malware and Spam "Waves" Increase Although Malware Exploiting MS Windows Graphics Top the List

BUCHAREST, ROMANIA--(Marketwire - January 31, 2008) - BitDefender®, a global provider of award-winning antivirus software and data security solutions, announced today that malware exploiting Microsoft Windows graphics dominated the BitDefender Top 10 Malware List for January 2008. According to BitDefender Labs, the malware exploiting Microsoft Windows graphics rendering an engine vulnerability detailed in MS06-001, which was patched post-SP2.

"It is probable that a large number of unpatched copies of Windows exist in the wild, mostly pirated ones which don't download patches to avoid dealing with activation, hence the continued 'popularity' of this exploit among virus writers," said Sorin Dudea, head of BitDefender AV Research.

The Netsky.P mass mailer came up second in prevalence, showcasing again the amazing survivability of such malware, but at much lower overall prevalence than in its heyday (4.35 percent as compared to over 30 percent in the months after the initial outbreak). Other versions of this same virus received lower slots in the top ten.

Another notable piece of malware is a software that retrieves Windows XP activation keys. Appearing at number 3 and known as Spyware.Pws.A by BitDefender AV researchers, this malware is included in the distribution of many current viruses or worms.

BitDefender's January 2008 Top 10 malware list includes:

1.   Exploit.Win32.WMF-PFV      9.67%
2.   Win32.Netsky.P@mm          4.35%
3.   Spyware.Pws.A              3.97%
4.   Win32.Worm.Sohanat.AJ      2.89%
5.   Trojan.Dropper.RNY         1.43%
6.   Win32.NetSky.D@mm          1.25%
7.   Win32.Netsky.AA@mm         1.19%
8.   Trojan.Kobcka.CG           1.07%
9.   Win32.Nyxem.E@mm           1.03%
10.  Trojan.Pandex.AC           0.86%

The trend towards more diverse and stealthier malware seems to continue, as the top ten threats of the month only account for 27percent of the total number of viruses found by BitDefender.

The BitDefender Antispam Lab reports that, in January 2008, image spam is down to about 4 percent of the total spam flow, while the variety of image formats used is growing. The stock spam flow has also decreased dramatically (from 20 percent of total flow in December 2007 to 3 percent this month). On the pharmacy spam front, a herbal medicine called VPXL is seeing heavy promotion (being pushed in about 75 percent of all pharma spam).

The overall variation within spam "waves" (groups of messages sent at roughly the same time by a certain spammer or group) is also on the increase, with only about one in ten waves comprising identical e-mails.

In regards to spammer techniques, this month's innovation is the use of very specific google search result links (e.g:****.com+200-1765+West+8th+Ave&btnI=8503752) instead of actual links to the promoted websites, in an attempt to circumvent url-based spam filters.

"Most of the spam flow is now made up of unique or nearly-unique e-mails, which used increasingly creates, as you may imagine, a need for ever-more sophisticated filters," said Andra Miloiu, spam analyst for BitDefender.

For further details on the latest malware detected in the wild, please visit BitDefender's Defense Portal site at:

About BitDefender®

BitDefender is a leading global provider of security solutions that satisfy the protection requirements of today's computing environment. The company offers one of the industry's fastest and most effective lines of security software, setting new standards for threat prevention, timely detection and mitigation. BitDefender delivers products and services to over 41 million home and corporate users in more than 180 countries. BitDefender has offices in the United States, the United Kingdom, Germany, Spain and Romania. Further information about BitDefender can be obtained by visiting: