Increase in threats that use obfuscation techniques such as runtime packing, polymorphism and junk code
(17/09/2007)
Threats that use obfuscation techniques such as runtime packing, polymorphism and junk code injection to hide their malicious functionality accounted for 7.58% of malware detected in August.
According to ESET's ThreatSense.Net, which reports detection statistics from millions of client computers around the world, Win32/Obfuscated, a generic name for malware that hides its true intention, was the number one threat to computer users.
In second place, accounting for 3.40% of malware threats, is Win32/Agent, which covers malware with Trojan capabilities that can act as an agent on the compromised computer, either connecting directly back to a central server or providing a backdoor onto the infected machine. Down from first place last month, Win32/TrojanDownloader.Ani.gen is in third, and Win32/Agent.ARK is in fourth place with 2.33% of detections.
"This malware connects to a command and control server that seems to be located in Singapore," says Paul Brook, MD of ESET UK. "The purpose of Win32/Agent.ARK seems to be to keep control of an infected system for future use; it can be used to execute commands on the infected host and download additional software. Very often such botnet software is able to update itself with new components which add new functionality, and which help it to evade detection by signature based anti-virus software."
Top 10 Threats for August 2007:
1 Win32/Obfuscated - 7.58%
2 Win32/Agent - 3.40%
3 Win32/TrojanDownloader.Ani.Gen - 2.90%
4 Win32/Agent.Ark - 2.33%
5 Win32/Adware.Virtumonde - 2.20%
6 Win32/Adware.Ezula - 1.99%
7 INF/Autorun - 1.88%
8 Win32/RJump.A - 1.67%
9 Win32/Agent.AB - 1.37%
10 Win32/Pacex.Gen - 1.32%

