GFI Software has announced the top 10 most prevalent malware threats for the month of February 2011. The top 10 data is compiled from monthly scans performed by GFI's award-winning anti-malware solution, VIPRE Antivirus, and its antispyware tool, CounterSpy, as a service of GFI Labs.
Continuing a trend observed since last summer, the same types of Trojan horse programs have persistently dominated the threat landscape through February. ThreatNet statistics show that Trojans made up six of the top 10 malware threats of the month. Trojans detected as Trojan.Win32.Generic!BT continue to be the number one threat, accounting for 22.97 percent of total detections. This is an increase from the 21.38 percent in January and 21.93 percent in December of total threats detected.
These Trojans are downloaders associated with rogue security programs known as “scareware”. Once they are on a user’s system, these programs perform a fake scan of a victim’s computer for malware then display false warnings that the machine is infected in an attempt to convince victims to purchase fake security software.
“The Security Shield rogue has become very noticeable, with many comments posted to our Rogue Security software blog regarding this particular infection,” said Chris Boyd, senior threat researcher at GFI Labs. “These types of attacks notoriously cause a great deal of stress for the victim in addition to simply infecting their computer.”
While Trojans continue to be the most common threat detected, GFI Labs researchers are also seeing a rise in lesser-known attack vectors. Although they are not as common, these forms of attack are especially dangerous because most users may not know how to spot them.
"PDF exploits continue to be problematic, showing a small increase since January. February has also seen continued use of fake Java applet installs to infect PCs with malware, Alureon infected videogame patches distributed on P2P networks and phishing attempts targeting customers of the popular online retailer Play.com,” said Boyd. “With new attacks popping up every day, users need to always stay cautious and research programs they plan to download when there is any doubt.”
ThreatNet is GFI Lab’s monitoring system that retrieves real-time data from VIPRE installations. Statistics come from tens of thousands of machines running VIPRE.