Users peed off with rising botnet threat

19 Dec 2007

Peed bot, also known at ‘Storm Worm’ or ‘Nuwar’, was the worst malware offender of 2007, net-security firm BitDefender has revealed

Peed bot accounted for 33.94pc of total malware detections in the past 12 months. Making up the rest of the top five were: BehavesLike:Trojan.Downloader (24.86pc); Win32.Netsky.P@mm (6.49pc); Trojan.Peed.A (2.13pc); and Win32.Nyxem.E@mm (2.13pc).

BitDefender’s malware list contains numerous mass mailers, with the Netsky family still dominating the category with three separate entries. According to BitDefender, Netsky.P is possibly the most harmful and long-lived mass mailer of all time.

In the category of viruses proper, BitDefender identified Sality.M as the most-underrated threat of the year, a highly dangerous polymorphic virus which is spread via mail and other means.

On the file-infector front, the “most spread” title goes to Virtob.2, a relatively harmless virus with an unfortunate tendency to infect the same files many times over.

BitDefender also released the top-10 spam list for 2007. The company’s anti-spam analysts noted the appearance of political spam, which they expect to grow dramatically during 2008 as the US presidential elections draw nearer.

The top 10 types of spam were: penny stocks spam; drug spam; pornography; replica watches; loans; phishing spam; pirated software; fake job ads; dating-site spam; and fake diplomas.

“The past year has seen both the tail end of the mass-mailer age and the rise of the botnets as the top threat category,” said Viorel Canja, head of BitDefender’s Antivirus Lab.

“BitDefender’s top 10 for 2007 also reflects a re-emergence of file infectors as a credible threat, primarily because of widespread P2P sharing. We’ll see what the future holds.”

According to the BitDefender anti-spam analysts, stock spam was mostly attachment-based, with image attachments dominating the first half of the year and “experimental” waves of mp3 and PDF spam filling up inboxes in the second half.

In the past few months, obfuscated text-only penny stock spam also made a re-appearance.

BitDefender expects this trend to continue in 2008, as the volume of such spam waves is constantly increasing. It anticipates more emphasis on diversifying the targets, content and appearance of the emails, in search of better returns.

Phishing spam was less prominent during 2007 than previous years, but is much more dangerous than other types of spam as it causes direct financial losses to victims.

BitDefender anti-spam experts predict that phishing spam will continue to be significant (in volumes and damages alike) next year, with improvements expected in the techniques used by criminals to defeat anti-spam filters, as well as increasing use of SSL authentication by phishing websites to get the all-important “lock icon” look in the victim’s browser.

The number of banks targeted will also grow significantly, BitDefender predicted.

BitDefender also announced that it detected a new Trojan, which hijacks Google text advertisements and replaces them with ads from a different provider.

The threat, identified as Trojan.Qhost.WU, modifies infected computers’ Hosts file, a local storage for domain name/IP address mappings that is consulted before domain name servers and is considered authoritative.

The modified file contains a line redirecting the host “” which should point to an IP of the form to a different address, of the form, so that the infected machines’ browsers read ads from the server at the replacement address rather than from Google.

“This damages both users because the advertisements and/or the linked sites may contain a malicious code (a very likely situation, given that they are promoted using malware in the first place), and webmasters, because it takes away viewers and thus a possible money source from their websites,” said BitDefender virus analyst Attila-Mihaly Balazs.

By Niall Byrne