If it ain’t broke, don’t fix it.
That’s what the malware community appears to be saying, as the time-honored Trojan attack model, in all its varied iterations, continues to dominate the threat rankings, researchers report.
While it’s true that a lot of different types of attacks, from simple malware downloaders to annoying adware to sophisticated botnet-breeders, can be classified as Trojans, there’s no question that the threats continue to dominate in the world of all things badware.
And that was the case once again in August, according to Sunbelt Software’s latest list of the top attacks floating over its virtual transom each month.
What does it mean? Well, for one thing, there’s no chance that we’ll be heading back anytime soon to the days of big noisy files that come sweeping into your in-box and declare themselves loudly as they corrupt your endpoint.
It’s all about the slow and low, baby: what starts as a small attack ramps up quietly and incrementally over time.
Is this at all new or surprising? Not at all, but it’s worth noting, in part because if the bad guys were being deterred in the least bit by the defensive technologies being employed by end users, they’d have already moved on to bigger and better things... which they haven’t.
According to Sunbelt, the top 10 most prevalent (Windows) malware/spyware threats for the month of August were:
1. Trojan-Downloader.Zlob.Media-Codec
2. Adware.NetAdware.Gen
3. Trojan.FakeAlert
4. Virtumonde
5. Antivirus XP 2008 (Winifixer)
6. Trojan.NewMediaCodec
7. Trojan.Win32.Monder.gen
8. Trojan.Crypt.XPACK.Gen
9. C2.Lop
10. Backdoor.Rbot
In a nod to research published by PandaLabs and trumpeted on these pages just last week, one of the new arrivals on the list was the aptly named Antivirus XP 2008 Trojan, which is advertised by its creators as a legitimate AV program but actually consists of a “malicious backdoor Trojan that attempts to scare users into paying for useless antispyware protection by leading them to believe that their PCs are infected with malware applications,” Sunbelt reports.
Yup, we’re still talking about Trojans and fake AV programs here in the world of malware research. And tons of people must still be falling for them if the baddies are still taking the time to launch the attacks.
Some things never do seem to change.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.