In January, Sdbot.ftp was the malware most frequently detected by Panda ActiveScan, the free online antivirus solution. In addition to this malicious code, ranked first in distribution for the seventh month in a row, other visible threats on this monthly list include Metafile, in second place, and Tearec.A, in sixth place. With respect to spyware, New.net occupies first place in the ranking.

During the first month of this year, Sdbot.ftp was responsible for 2.99 percent of infections. Then comes Metafile (1.99%), Sober.AH (1.30%), and Netsky.P (1.25%). The malware that follows these top threats — Gaobot.gen; Tearec.A; Torpig.A; Qhost.gen; Alcan.A and Parite.B — show frequency percentages of less than 1 percent.

1. W32/Sdbot.ftp (2.99 %)
2. Exploit/Metafile (1.99 %)
3. W32/Sober.AH.worm (1.30 %)
4. W32/Netsky.P.worm (1.25 %)
5. W32/Gaobot.gen.worm (0.90 %)
6. W32/Tearec.A.worm (0.80 %)
7. Trj/Torpig.A (0.80 %)
8. Trj/Qhost.gen (0.76 %)
9. W32/Alcan.A.worm ( 0.70 %)
10. W32/Parite.B (0.61%)

The following conclusions can be drawn from the Top Ten ranking of the threats most frequently detected by Panda ActiveScan in January:

  Sdbot.ftp: seven months at the head of the ranking: Since July 2005, Sdbot.ftp has been the threat that has had most impact. This is a script used by certain malware specimens to download, via FTP, the Sdbot worm. It does this by exploiting several operating system vulnerabilities such as LSASS or RPC-DCOM.

  The high profile of Metafile: Metafile, which first appeared towards the end of December 2005, was the second most prevalent threat in January 2006. This is an exploit or code written to take advantage of a security vulnerability in GDI32.DLL, used by programs such as Windows Picture and Fax Viewer. This threat affects the following Windows platforms: Windows 98, Millennium Edition (ME), 2000, XP and Server 2003.

The impact of Metafile, along with the top-ranking position of Sdbot.ftp, once again highlights the success of malware creators in exploiting vulnerabilities in major programs to bolster the impact of their creations.

  Tearec.A: Social engineering hand-in-hand with Internet threats: Mid-January, Tearec.A hit computers around the world, and for days, the most frequently detected malware by the free, online antivirus solution Panda ActiveScan. Its successful propagation was based largely on the use of social engineering techniques by its creator. The e-mails in which Tearec.A spread used erotic themes and subject lines to trick recipients.

  The growing presence of worms Seven out of ten of the viruses in January’s Top Ten are worms, reflecting the growing trend seen in the previous month’s ranking, in which six out of the Top Ten were worms, while showing a corresponding decline in the presence of Trojans.

January’s spyware ranking shows that first place remains unaltered with respect to the previous month, with New.net (1.28%) in first place. The remaining examples of spyware in the Top Ten all have frequency percentages of less than 1%: Smitfraud, Virtumonde, RXToolbar, Altnet, BetterInet, Media-motor, SafeSurf, MarketScore and Petro-Line. The most notable features of this spyware ranking, with respect to December’s classification, are the appearance of Smitfraud and SafeSurf, replacing Cydoor and Premeter, which last month, held second and third places respectively.

1. Spyware/New.net (1.28 %)
2. Spyware/Smitfraud (0.55 %)
3. Spyware/Virtumonde (0.46 %)
4. Spyware/RXToolbar (0.37 %)
5. Spyware/Altnet (0.35 %)
6. Spyware/BetterInet (0.29 %)
7. Spyware/Media-motor (0.26 %)
8. Spyware/SafeSurf (0.23 %)
9. Spyware/MarketScore (0.22 %)
10. Spyware/Petro-Line (0.20 %)

For more information about these and other malicious code, visit www.pandasoftware.com/virus_info/encyclopedia.