Kaspersky Lab has released its monthly malware statistics detailing which malicious programs were detected and blocked by the company’s security software solutions during May 2010.
Kaspersky Lab has released its monthly malware statistics detailing which malicious programs were detected and blocked by the company’s security software solutions during May 2010.
Exploits – dedicated programs designed to attack computers via vulnerabilities in legitimate software – and their Trojan counterparts dominated not only the Top Twenty rating for malware detected on computers protected by Kaspersky Lab solutions, but also the Internet-borne malware rating.
In recent months both these rankings have shown a marked increase in the use of exploits by cybercriminals. Their goal remains the same – the theft of confidential user data – but the propagation techniques and methods that prevent the analysis and detection of malware have varied.
One entry of note in the end-user Top Twenty malware list is a Trojan that steals account logins and passwords for popular online games. Players of CabalOnline, Metin2, Mu Online and various games developed by Nexon.net have all been affected by Trojan-GameThief.Win32.Magania.dbtv.
Eleven of May’s Internet malware Top Twenty are exploits of one sort or another and their accompanying Trojan sidekicks. These malicious programs occupy five consecutive Top Twenty places starting from second place and then appear on the list in groups of two or three. Three of the newcomers are exploits for Java and users of this platform are strongly advised to check for software updates on a regular basis.
First place on the Internet malware Top Twenty goes to Trojan-Clicker.JS.Iframe.bb. This particular piece of malware is designed to increase website hit counts by making the victim computers visit them without the users’ knowledge or consent. In May alone this Trojan infected almost 400,000 websites.
Malicious programs detected on computers protected by Kaspersky Lab
The first Top Twenty list immediately below shows malware, adware and potentially unwanted programs that were detected and neutralised by Kaspersky Lab’s on-access scanner when they were accessed for the first time.
| Position | Change in position | Name | Number of infected computers |
| 1 |  0 | Net-Worm.Win32.Kido.ir | 339585 |
| 2 | 0 | Virus.Win32.Sality.aa | 210257 |
| 3 | 0 | Net-Worm.Win32.Kido.ih | 201746 |
| 4 | 0 | Net-Worm.Win32.Kido.iq | 169017 |
| 5 |  9 | Trojan.JS.Agent.bhr | 161414 |
| 6 |  -1 | Worm.Win32.FlyStudio.cu | 127835 |
| 7 | -1 | Virus.Win32.Virut.ce | 70189 |
| 8 | 0 | Trojan-Downloader.Win32.VB.eql | 66486 |
| 9 | 0 | Worm.Win32.Mabezat.b | 54866 |
| 10 | 0 | Trojan-Dropper.Win32.Flystud.yo | 50490 |
| 11 | 0 | Worm.Win32.AutoIt.tc | 47044 |
| 12 | 1 | Packed.Win32.Krap.l | 44056 |
| 13 |  New | Trojan.JS.Iframe.lq | 38658 |
| 14 | New | Trojan.Win32.Agent2.cqzi | 35423 |
| 15 | 1 | Trojan.Win32.Autoit.ci | 34670 |
| 16 | New | Trojan-GameThief.Win32.Magania.dbtv | 31066 |
| 17 | New | Trojan-Downloader.Win32.Geral.cnh | 30225 |
| 18 | New | Trojan.JS.Zapchast.dv | 29592 |
| 19 | -2 | Virus.Win32.Induc.a | 28522 |
| 20 | -8 | Exploit.JS.CVE-2010-0806.e | 27606 |
Malicious programs on the Internet
The second Top Twenty list below shows data generated by the web antivirus component and reflects the online threat landscape. This table includes malware detected on web pages and malware downloaded to victim machines from web pages.
| Position | Change in position | Name | Number of attempted downloads |
| 1 | New | Trojan-Clicker.JS.Iframe.bb | 397667 |
| 2 | New | Exploit.Java.CVE-2010-0886.a | 244126 |
| 3 | New | Trojan.JS.Redirector.cq | 194285 |
| 4 | New | Exploit.Java.Agent.f | 108869 |
| 5 | New | Trojan.JS.Agent.bhr | 107202 |
| 6 | New | Exploit.Java.CVE-2009-3867.d | 85120 |
| 7 | -2 | not-a-virus:AdWare.Win32.FunWeb.q | 82309 |
| 8 | -6 | Exploit.JS.CVE-2010-0806.i | 79192 |
| 9 | -5 | Exploit.JS.CVE-2010-0806.b | 76093 |
| 10 | New | Trojan.JS.Zapchast.dv | 73442 |
| 11 | -2 | Trojan-Clicker.JS.Agent.ma | 68033 |
| 12 | New | Trojan.JS.Iframe.lq | 59109 |
| 13 | New | Trojan-Downloader.JS.Agent.fig | 56820 |
| 14 | 5 | not-a-virus:AdWare.Win32.Shopper.l | 50497 |
| 15 | 2 | Exploit.JS.CVE-2010-0806.e | 50442 |
| 16 | -4 | Trojan.JS.Redirector.l | 50043 |
| 17 | New | Trojan.JS.Redirector.cj | 47179 |
| 18 | -2 | not-a-virus:AdWare.Win32.Boran.z | 43514 |
| 19 | -6 | Trojan-Dropper.Win32.VB.amlh | 43366 |
| 20 | New | Exploit.JS.Pdfka.chw | 42362 |
The full version of Kaspersky Lab’s Monthly Malware Statistics for May can be found at www.securelist.com/en.
