ESET announced today that Ani.Gen’s ‘drive-by’ attacks continued during May, placing the trojan in the number one spot of all threats detected for the second month in a row. Constituting 4.6% of all malware activity during May, the trojan exploits how Windows handles animated cursor (.ani) files and requires no action on the user’s part to become infected other than to visit or view an affected website or email.
“The problem is that even legitimate web sites present a potential danger to the most fastidious of computer users,” says Paul Brook, Managing Director of ESET UK. “The exploit can allow an attacker to take control of the machine completely just by visiting a site or viewing an email that has been exploited. The fact that it is still so prevalent indicates that a lot of servers and machines haven’t been cleaned or patched. The best advice to users is, keep your AV software up-to-date.”
Second in the ranking for May is Win32/Perlovga, a trojan that has increased its presence steadily during the year. The threat can be transmitted through email, FTP or P2P applications and is used to collect sensitive information from infected computers. In third place is Win32/Spy.VBStat.J, a spyware program that monitors activity on infected PCs and displays popup ads. Down from first place in March, Win32/PSW.Agent.NCC was fourth in May with around 1.69 % of detections. This trojan is part of a family of Trojans that are used to steal passwords through keylogging techniques. The fifth place on the ranking for May is held by Win32/Rjump.A, a worm that includes a backdoor trojan component. Rjump.a propagates through external storage devices, such as portable hard drives, memory cards, pen drives, etc.
Top 10 Threats for May 2007
1 Win32/TrojanDownloader.Ani.Gen – 4.6%
2 Win32/Perlovga – 1.92%
3 Win32/Spy.VBStat.J – 1.79%
4 Win32/PSW.Agent.NCC – 1.69%
5 Win32/Rjump.A – 1.69%
6 Win32?Pacex.Gen – 1.58%
7 Win32/Adware.Virtumonde – 1.50%
8 Win32/Netsky.Q Win32/Nuwar.gen – 1.18%
9 Win32/PSW.QQRob– 1.32%
10 TrojanDownloader.Agent.AWF – 0.95%