Trojan Takes First Place in Top 10 List of Malware

A Trojan dubbed “Downloader.GK” caused the most damage to computers in 2004, marking the first time a worm hasn’t occupied the top spot, according to Panda Software.

This signifies an important change in the impact that malicious code is having on computers, the company concluded.

Downloader.GK is blamed for 14 percent of all attacks last year, according to data gathered via Panda ActiveScan, a free online scanner.

Preventative Measures

This Trojan doesn’t spread of its own accord, but is downloaded onto computers when unsuspecting users visit certain Web pages and accept the installation of a specific ActiveX control. Downloader.GK installs and runs two adware programs on the computers it infects.

Identifying malware is one thing, but preventing it is another, according to Ken Dunham, the director of malicious code research at iDefense, a Reston, Virginia-based threat intelligence firm. He pointed to the “Scob” Trojan, also known as “Download.Ject,” attack of last summer as an example. It might not be on the top 10 list, but it is a sophisticated attack that plagued the Web for weeks, planting adware on computer desktops.

“Scob was a very sophisticated and complicated attack and many people still don’t understand what took place there,” Dunham told the E-Commerce Times. “What comes natural is to react to the next worm and come out with a fix. What is much more difficult to do well is to know the hackers and know what they are working on and how they operate to put together the whole threat picture. We need to see how all the dots are connected and what is coming next.”

The Scob attacks have been attributed to a Russian hacking group known as the “hangUP team.” They attacked Microsoft Internet Information Services Web servers to distribute the Trojan horse program. Dunham said international crime rings often include hackers who speak multiple languages, making it hard to track them down.

Malicious Conclusions

Scob aside, since it first appeared in June 2004, the Downloader.GK Trojan has been the malicious code responsible for most attacks on users’ systems, replacing worms as the primary threat and heralding the advent of a dangerous new trend in malware, with Trojans on the increase. This is also manifest in the fact that four on Panda’s Top 10 list are also Trojans; in 2003, there were two, and in 2002 just one.

Three of the Top 10 are members of the Netsky family, (the P, B and D variants). The three share a number of characteristics, and as with many worms, they all spread via e-mail in messages with variable characteristics.

Four of the malicious codes in this year’s Top 10 use vulnerabilities in common software installed on computers in order to carry out their malicious action. This highlights the danger that these flaws represent and the need for users to install the patches provided by vendors to fix them.

“It’s a tough threat environment today,” Dunham said. “You are starting to see warlords appear in different locations carving out their territory, and they are very well organized. I don’t think it will be long before we start to see more organized turf wars and more sophisticated attacks coming to the attention of people in the public light.”