Lavasoft Security Bulletin - May 2014: Top Threats
Top20 Blocked Malware
| Position | Ad-Aware detection | % of all threats | Change in ranking |
| 1 | Win32.Trojan.Agent | 66.35% | -8.24% |
| 2 | Trojan.Win32.Generic!BT | 20.66% | +5.98% |
| 3 | Exploit.PDF.Pdfjs.aei | 2.84% | new |
| 4 | Virus.Win32.Ramnit.a | 1.46% | +0.79% |
| 5 | Worm.LNK.Jenxcus.aha | 0.66% | +0.09% |
| 6 | Malware.JS.Generic | 0.54% | -0.12% |
| 7 | Trojan.Win32.Ramnit.c | 0.50% | +0.38% |
| 8 | Trojan.Win32.Generic.pak!cobra | 0.42% | -0.28% |
| 9 | Trojan.Win32.Generic!SB.0 | 0.35% | +0.04% |
| 10 | Virus.Win32.Ramnit.b | 0.33% | new |
| 11 | HackTool.Win32.Keygen | 0.33% | -0.27% |
| 12 | Virus.Win32.Sality.at | 0.32% | -0.09% |
| 13 | Email-Worm.Win32.Brontok.a | 0.26% | new |
| 14 | Virus.Win32.Sality.ek | 0.24% | new |
| 15 | Trojan.Win32.Jpgiframe | 0.22% | -0.10% |
| 16 | Virus.Win32.Virut.ce | 0.21% | new |
| 17 | FraudTool.Win32.FakeVimes!VB | 0.20% | new |
| 18 | Trojan-Clicker.HTML.Iframe | 0.19% | new |
| 19 | Win32.Worm.Autorun/A | 0.18% | new |
| 20 | Virus.Win32.Expiro.cn | 0.16% | new |
The Top 20 malicious programs blocked on PCs
Malware Prevalence Table - May 2014
The table below ranks the most prevalent families seen in May.
| Position | Ad-Aware detection | % of all threats | Change in ranking |
| 1 | Trojan.Win32.Generic!BT | 33.79% | -0.08% |
| 2 | Virus.Win32.Virut.ce | 6.72% | +0.01% |
| 3 | Virus.Win32.Expiro.gen | 5.82% | -1.70% |
| 4 | Trojan-Downloader.Win32.LoadMoney.u | 4.59% | -0.57% |
| 5 | Trojan.Win32.Generic.pak!cobra | 2.81% | -0.20% |
| 6 | InstallCore | 1.75% | +0.93% |
| 7 | Trojan.Win32.Generic!SB.0 | 0.83% | +0.06% |
| 8 | Trojan.Win32.LoadMoney.f | 0.78% | +0.44% |
| 9 | Trojan.Win32.Ircbot!cobra | 0.73% | -0.13% |
| 10 | Worm.Win32.Picsys.c | 0.49% | new |
| 11 | Adware.OutBrowse | 0.49% | -0.09% |
| 12 | Optimum Installer | 0.48% | -0.05% |
| 13 | Conduit | 0.48% | new |
| 14 | Click run software | 0.40% | -0.07% |
| 15 | Vittalia Installer | 0.39% | new |
| 16 | Trojan.Win32.DelfInject.m | 0.31% | -0.05% |
| 17 | Trojan.StartPage | 0.27% | +0.05% |
| 18 | Worm.Win32.Gamarue.z | 0.25% | +0.04% |
| 19 | Backdoor.MSIL.Bladabindi.a | 0.23% | +0.03% |
| 20 | FraudTool.Win32.InternetProtection.ek!a | 0.18% | -0.03% |
New malicious programs entered the Top 20
This month we discovered several new Fake-AVs that have GUIs similar to the ones below. One of them – “Open Cloud AV” - even utilizes a cloud security concept.
Fake AV (MD5: 1c01c7a1c0d18c376d295522f096a5cb) is detected by Ad-Aware as Gen:Variant.Kazy.73805
Fake AV (MD5: 5deeff05129a1d4aaf5bac9091d9058f) is detected by Ad-Aware as Trojan.Generic.KD.369558
Fake AV (MD5: 6882c02d396d287ddfb3717bb717bead) is detected by Ad-Aware as Trojan.FakeAlert.CYD
Top20 Potentially Unwanted Programs
Below are the Top20 Potentially Unwanted Programs blocked by Ad-Aware on user’s PCs. These are advertising software, browser toolbars, search engines and other programs which change browser start pages and other system settings.
| Position | Ad-Aware detection | % of all threats | Change in ranking |
| 1 | Conduit | 19.38% | +2.56% |
| 2 | MyWebSearch | 15.30% | -1.77% |
| 3 | Win32.PUP.Bandoo | 12.33% | -2.01% |
| 4 | Adware.JS.Conduit | 8.31% | -0.88% |
| 5 | Adware.Linkury | 7.36% | -1.85% |
| 6 | Yontoo | 3.41% | +2.71% |
| 7 | Crossrider | 2.25% | +0.29% |
| 8 | Montiera | 1.68% | +1.04% |
| 9 | Adware.SaveSense | 1.61% | -0.91% |
| 10 | Win32.Toolbar.Iminent | 1.56% | -0.16% |
| 11 | DomaIQ | 1.34% | +0.11% |
| 12 | Adware.Win32.Multiplug.c | 1.32% | -0.06% |
| 13 | BetterInstaller | 1.10% | new |
| 14 | Win32.Adware.Agent | 1.07% | +0.32% |
| 15 | Iminent | 0.99% | -0.73% |
| 16 | SweetIM | 0.82% | -0.13% |
| 17 | Opencandy | 0.78% | -0.02% |
| 18 | Adware.DealPly | 0.77% | -0.24% |
| 19 | InstallCore.b | 0.76% | +0.07% |
| 20 | InstallCore | 0.75% | -0.07% |
Top20 PUPs detected on user’s PC
Operating Systems
Infections by OS
Geographic Location
Infections by country of origin
We will keep investigating the epidemiological situation in the world and informing our readers about new malicious code samples in the next Lavasoft Security Bulletin.
Read also:
Lavasoft Security Bulletin - May 2014: Bot Review.
Kelihos Adopts Anti-Analysis Technique.
Share this post:
Twitter
Facebook