Trojan Threats Ruled Roost in December

By Matthew Hines  |  Posted 2010-01-05

Trojan attacks once again led the way in terms of the sheer volume of threats tracked by security researchers during the month of December.

According to experts with Sunbelt Software, based on their month-long scanning efforts, the mix of attacks seen over the course of Dec. 2009 was very similar to what was observed during November.

In both cases, Trojan threats led the way and accounted for almost 20 percent of all the malware activity detected by the company's filters. Trojans specifically accounted for some 18.7 percent of all attacks in the final month of the calendar year.

As they have for years now, attacks that disguise themselves as legitimate files or programs remain the primary method attackers use to dupe people, a sign that the technique must still be finding plenty of victims.

The fact that the Trojan categorization covers so many different types of attacks, from botnets to e-banking spyware, also contributes to the technique remaining so pervasive.

"When nearly 20 percent of our detections for the month are a 'bulk' detection like this, it is evident that Trojans are still a huge threat today. They're being used to download a lot of malware, including rogue security products, bot installers and spyware that steal banking passwords," Michael St. Neitzel, vice president of Threat Research at Sunbelt, said in a report summary.

Overall, the Trojan.Win32.Generic!BT Trojan outpaced all others by a wide margin, accounting for 18.7 percent of all new detections by Sunbelt.

The company said that after occupying the top of its list for most of 2009, the Trojan-Spy.Win32.Zbot.gen spyware downloader once again finished second in terms of sheer frequency, as it did in November 2009, accounting for 6.23 percent of all new detections.

Two newly appearing attacks included a browser toolbar dubbed Fast Browser Search that hijacks people's browser-based search capabilities (2.4 percent of all detections), as well as another generic Trojan, Trojan.Win32.Malware (2.23 percent).

One of the top delivery methods for the attacks is for scammers to poison search engine results on common terms with links to sites that download their code.

"Malicious operators have been using search engine optimization (SEO) techniques in order to lure victims to malicious sites that download Trojans. Their sites place in the top hits in many online search engines when Internet users go looking for current topics in the news," St. Neitzel said.

Some of the most commonly employed themes used to lure in Web search users were the death of actress Brittany Murphy, fake OS software, New Year's festivities, and golfer Tiger Woods.

For a full list of the month's top ten, click here.


Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog.
