Kaspersky Lab, a leading provider of security solutions that protect against viruses, Trojans, worms, spyware, crimeware, rootkits, phishing, hacker attacks and spam, today reported that it has detected a Trojan targeting the Symbian operating system. The Online Scanner Top Twenty chart for June 2008 highlights that the Trojan is attacking the platform that currently accounts for 72.4% of the global smartphone market.
Entering the chart at ninth position, Trojan.SymbOS.Skuller.gen is one of the oldest Trojans for Symbian OS, replacing all file icons with a skull. Yet despite its age, the success of the Symbian platform and the exponential uptake of smartphones - 115 million smartphones were sold worldwide in 2007 and analyst group Canalys predicts that global shipments will reach one billion by 2012 - has seen the malicious program become prolific.
Senior Technology Consultant at Kaspersky Lab, David Emm comments, “In May 2008 the Metropolitan Police published statistics stating that up to 10,000 mobile devices are stolen each month. But, phones don’t need to be physically stolen to be the subject of theft.” He adds, “In most cases the data held on smartphones is worth far more than the device itself, and for this reason the level of protection you put in place should be as high as the level of protection you would put in place on your laptop or PC. ”
Launched earlier this year, Kaspersky Mobile Security 7.0 offers powerful protection for data stored on Symbian and Windows Mobile-based smartphones in the event that the device is lost, as well as protecting against network attacks, malware and SMS spam. The software allows users to completely block a lost device or to remotely delete all the data on it. Moreover, if a smartphone is stolen, the SIM-Watch function prevents the thief from accessing data on the phone without the original SIM card; as soon as the original SIM card is replaced, a message notifies its owner of the new telephone number.
Two other new entries targeting non-Windows platforms entering The Online Scanner Top Twenty for the first time in June were Trojan.Mac.Dnscha.d (3rd in the chart) and Trojan.Mac.Dnscha.e (6th in the chart). “The fact that other non-Windows platforms are becoming so popular among virus writers means that the usual leading platform, Win32, is now being challenged for the first time,” observes Senior Virus Analyst with Kaspersky Lab, Alexander Gostev.
In addition, utilities that aren't themselves malicious but are used by other malware to obtain confidential user information, or interfere with the smooth functioning of the victim’s machine were still common among the programs detected by the Online Scanner throughout June. Such programs are classified as not-a-virus and these were present in 4th, 5th, 10th, 15th, 16th and 20th places.
The file viruses that flooded the Online Scanner Top Twenty last month still remain a real threat with Virus.Win32.Virut.q rising from 10th to 7th place and Virus.Win32.Virut.n still in the top five. However, Net-Worm.Win32.Allaple.b and Net-Worm.Win32.Allaple.e that entered the chart in high positions in May have disappeared from the June rankings altogether.
In contrast, the statistics in The Virus Top Twenty indicate that the malware authors’ holiday season that started in May continues in June; Email-Worm.Win32.NetSky.q continues its reign at the top of the chart as it has since the beginning of the year. The first of only two significant entries to The Virus Top Twenty chart is the worm Net-Worm.Win32.Nimda in at 16th position. Gostev notes that, “Nimda is a nasty piece of malicious code that first surfaced in 2001. It is a versatile worm that spreads not only via email, but across network drives on local area networks and also attempts to attack the IIS servers on the network.” He adds, “It leaves a computer wide open to anyone by adding a Guest user to the Administrators group and making local disks accessible by other computers on the network.”
The second significant threat is Exploit.Win32.IMG-WMF.y. Exploits being sent by email pose a serious threat to users, as some email clients display media content without first prompting the user. This exposes the computer to automatic infection. The user doesn't need to give permission for the attachment to be saved or run the malicious code will execute automatically when the user views the message.
The Virus Top Twenty in June also reports that that the UK has risen from ninth place - where it accounted for 2.83% of the origin of global infected email messages in May 2008 - to seventh and 4.28% of the worldwide total. The US remains at the top of the global ranking with 18.95%, responsible for 18.95%, followed by South Korea with 7.97% and China with 5.79%.
The Online Scanner Top Twenty – June 2008
Position |
Change in position |
Name |
Percentage |
1 |
+5 |
Email-Worm.Win32.Brontok.q |
1.50 |
2 |
+4 |
not-a-virus:PSWTool.Win32.RAS.a |
1.31 |
3 |
New |
Trojan.Mac..Dnscha.d |
1.14 |
4 |
-2 |
Virus.Win32.Virut.n |
1.13 |
5 |
New |
not-a-virus:Monitor.Win32.ActMon.511 |
0.88 |
6 |
New |
Trojan.Mac.Dnscha.e |
0.76 |
7 |
+3 |
Virus.Win32.Virut.q |
0.66 |
8 |
+7 |
Worm.Win32.AutoIt.i |
0.61 |
9 |
New |
Trojan.SymbOS.Skuller.gen |
0.58 |
10 |
Return |
not-a-virus:RiskTool.Win32.HideWindows |
0.57 |
11 |
New |
Email-Worm.Win32.Runouce.b |
0.57 |
12 |
-1 |
Worm.Win32.Mabezat.b |
0.57 |
13 |
New |
Trojan-PSW.Win32.LdPinch.fbq |
0.54 |
14 |
-5 |
Trojan.Win32.Delf.aam |
0.53 |
15 |
+1 |
not-a-virus:PSWTool.Win32.PWDump.2 |
0.49 |
16 |
Return |
not-a-virus:Monitor.Win32.Perflogger.ca |
0.49 |
17 |
-3 |
Trojan-Downloader.Win32.Autolt.aa |
0.49 |
18 |
+2 |
Virus.Win32.Alman.b |
0.47 |
19 |
New |
Trojan-Downloader.Win32.Delf.cxa |
0.47 |
20 |
-12 |
not-a-virus:AdWare.Win32.Agent.zk |
0.45 |
|
|
Other malicious programs |
85.81 |
The Virus Top Twenty – June 2008
Position |
Change in position |
Name |
Percentage |
1 |
0 |
Email-Worm.Win32.NetSky.q |
34.15 |
2 |
+2 |
Email-Worm.Win32.Nyxem.e |
13.16 |
3 |
-1 |
Email-Worm.Win32.NetSky.y |
8.20 |
4 |
+14 |
Net-Worm.Win32.Mytob.t |
5.40 |
5 |
-2 |
Email-Worm.Win32Scano.gen |
3.89 |
6 |
-1 |
Email-Worm.Win32.NetSky.d |
3.62 |
7 |
0 |
Email-Worm.Win32.NetSky.aa |
3.01 |
8 |
Return |
Email-Worm.Win32.Mydoom.m |
2.95 |
9 |
+8 |
Email-Worm.Win32.Mydoom.I |
2.62 |
10 |
+1 |
Net-Worm.Win32.Mytob.c |
2.48 |
11 |
-5 |
Email-Worm.Win32.NetSky.x |
2.45 |
12 |
-3 |
Email-Worm.Win32.Bagle.gt |
2.42 |
13 |
+1 |
Email-Worm.Win32.NetSky.t |
2.14 |
14 |
-2 |
Email-Worm.Win32.Bagle.gen |
1.46 |
15 |
-7 |
Email-Worm.Win32.NetSky.b |
1.02 |
16 |
New |
Net-Worm.Win32.Nimda |
0.93 |
17 |
New |
Trojan-Downloader.Win32.Injecter.ga |
0.91 |
18 |
-8 |
Net-Worm.Win32.Mytob.u |
0.67 |
19 |
New |
Exploit.Win32.IMG-WMF.y |
0.65 |
20 |
New |
Email-Worm.Win32.LovGate.w |
0.58 |
|
|
Other malicious programs |
7.29 |
For further information regarding the June 2008 Kaspersky Lab Online Scanner Top Twenty and The Virus Top Twenty please visit: http://www.kaspersky.co.uk/news?id=207575657 and http://www.kaspersky.co.uk/news?id=207575656.
