Malware Attacks Drop Off in February

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
After January set records for malware output, the malware volume droppedby 26 percent last month, despite a reported surge in Trojan horseattacks.

''Attacks were down by a lot -- 26.4 percent -- in February,'' says SteveSundermeier, a vice president for Medina, Ohio-based Central Command, ananti-virus and anti-spam company. ''I think a lot of it has to do withthe fact that in January we got the initial seeding for the Kama Sutraworm, which came out on Jan. 18. And we also had the very prolific Soberworm, which disabled itself after the fifth of January. Before that therewere just mass quantities of it.''

Both Sundermeier and Ron O'Brien, senior security analyst with Sophos,Inc., an anti-virus and anti-spam company with U.S. headquarters inLynnfield, Mass, say February gave the anti-virus community and IT andsecurity managers a break after the assaults that pummeled networks inJanuary.

''February returned us to levels we'd seen earlier in 2005,'' saysO'Brien. ''You've got to look at this in the total context. January wasthe highest month ever and February has calmed back down.''

Sophos analysts detected 2,312 new pieces of malware in January, settinga record for the highest volume of malware in one month. Before that,this past November was the record holder but that title easily fell whenthe new year kicked in, says O'Brien.

February, by contrast, had 1,132 new pieces of malware -- which includesworms, viruses and Trojans -- pop up.

''It was a noticeable difference,'' says Sundermeier. But he also wasquick to add that just because February's numbers were down from themonth before, they were still quite high compared to the same month justa year before. Central Command's records show that this past month had 39percent more new malware hit the Wild than February of 2005. ''This pastmonth may have been down, but obviously virus writing and volume is onthe increase.''

Part of that increase, according to O'Brien, can be linked back to aflurry of new Trojans that were unleashed last month. In fact, he saysTrojans accounted for two-thirds of the new malware that came out lastmonth.

O'Brien pointed to the Clagger-G Trojan as an example of the type offinancially motivated malware that has been plaguing users.

The author of Clagger-G, according to O'Brien, used a combination ofmalware and spam technology to spread the Trojan. The Trojan grabbed theeighth spot in Sophos' Top 10 Virus report for February. For the Trojan,which cannot spread on its own, to gain that much traction around theglobe, it must have been spammed out to millions and millions of emailaddresses worldwide, he said. To make that feasible, the virus writermust have taken advantage of giant botnets, he adds.

Sophos lists the top five viruses for February as: Netsky-P accountingfor 13.9 percent of all malware on the Internet; Nyxem-D with 9.3percent; Bagle-Zip with 8.8 percent; Zafi-B with 8.4 percent, andMytob-FO with 6 percent.

Central Command's list of top five viruses includes: Nyxem accounts for41.87 percent of malware in the Wild; Netsky-Q with 7.88 percent;Mytob-NO with 4.73 percent; Mytob-NX with 4.33 percent, and Bagle-GJ with3.10 percent.