Skip to main content

Sality & Stuxnet - Not Such a Strange Coincidence

October 5, 2010

Kaspersky Lab announces the publication of its Monthly Malware Statistics for September 2010

Kaspersky Lab announces the publication of its Monthly Malware Statistics for September 2010. The onset of autumn brought with it advances in the Sality virus and an increase in the number of adware programs on the web.

According to Kaspersky Lab statistics, a new variant of the notorious polymorphic Sality virus, dubbed 'bh', was found to be particularly widespread on users' computers. A newcomer to the ranking, Sality.bh claimed eleventh position and spread with the help of Trojan-Dropper.Win32.Sality.cx which uses vulnerability in Windows LNK files. This is the first detected zero-day vulnerability to be used by the now infamous Stuxnet worm. This same vulnerability was exploited by Trojan-Dropper.Win32.Sality.r back in August. The geographical distribution of the droppers in question mirrors that of the Stuxnet worm, both of them appearing most prolifically in India, followed by Vietnam and then Russia.

"Cybercriminals are usually very quick to release exploits when new vulnerabilities are discovered. The fact that huge numbers of users fail to update their software on a regular basis only encourages them. The extensive media coverage afforded to Stuxnet has only served as an advertisement for the vulnerabilities used by various cybercriminal groups," commented Vyacheslav Zakorzhevsky, Senior Virus Analyst and author of the review.

An advertising theme is also evident in the second ranking of web threats – for the first time the number of adware programs was equal to the number of exploits, which remain popular with cybercriminals. A total of seven AdWare.Win32 programs made it into this month's Top Twenty ranking. These types of adware are more annoying than harmful. Their main aim is to attract the attention of users with advertising banners that are integrated into conventional software. Although they are generally harmless, such programs do slow down the operating speed of a computer.

Something of a curiosity in September's web-borne threat ranking is the newcomer Exploit.SWF.Agent.du which is a Flash file. Until now, it’s been relatively rare to see vulnerabilities in Flash technology being exploited.

The full version of the September malware ranking from Kaspersky Lab is available at: www.securelist.com/en.

Sality & Stuxnet - Not Such a Strange Coincidence

Kaspersky Lab announces the publication of its Monthly Malware Statistics for September 2010
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases