Kaspersky Lab has presented its latest rating of the malicious programs that were most active in September 2009. As usual, the rating consists of two parts.
The first list covers the malicious, advertising and potentially dangerous programs that were detected and neutralized at the first attempt to access them, that is, by the on-access scanner component. The number after the comma is the number of infected computers.
• Net-Worm.Win32.Kido.ih, 41033
• Virus.Win32.Sality.aa, 18027
• not-a-virus: AdWare.Win32.Boran.z, 12470
• Net-Worm.Win32.Kido.ir, 11384
• Trojan-Downloader.Win32.VB.eql, 6433
• Trojan.Win32.Autoit.ci, 6168
• Virus.Win32.Induc.a, 5947
• Virus.Win32.Virut.ce, 5433
• P2P-Worm.Win32.Palevo.jdb, 5169
• Net-Worm.Win32.Kido.jq, 4288
• Worm.Win32.FlyStudio.cu, 4104
• Worm.Win32.AutoRun.dui, 4071
• Virus.Win32.Sality.z, 4056
• P2P-Worm.Win32.Palevo.jaj, 3564
• Worm.Win32.Mabezat.b, 2911
• Exploit.JS.Pdfka.ti, 2823
• Trojan-Downloader.WMA.Wimad.y, 2544
• Trojan-Dropper.Win32.Flystud.yo, 2513
• P2P-Worm.Win32.Palevo.jcn, 2480
• Trojan.Win32.Refroso.bpk, 2387
Experts from Kaspersky Lab noted that the Kido worm is still active. In addition to Kido.ih, the leader of previous top twenties, there is a newcomer, Kido.ir. This name is used to detect all the autorun.inf files that the worm creates in order to spread via removable media.
The Palevo worm is spreading quite rapidly: in September the top twenty has two new versions of this malware, Palevo.jdb and Palevo.jcn. Last year's newcomer, Palevo.jaj, rose 6 places, which no other entry in the rating managed to do. According to the company's experts, these two malicious programs owe their high positions mainly to spreading via removable media, which suggests that this distribution method is still one of the most effective.
This is confirmed by the fact that FlyStudio.cu, a worm of Chinese origin, also spreads via removable media. Otherwise, this malware has the backdoor functionality that is most popular today.
Among the newcomers is a new version of the multimedia downloader Wimad, which has already appeared in the rankings: Trojan-Downloader.WMA.Wimad.y. In principle it is no different from its predecessors: when launched, it still prompts the download of a malicious file, in this case not-a-virus: AdWare.Win32.PlayMP3z.a.
Self-propagating malicious programs are the most noticeable in the first list, and the trend toward their growing influence continues.
The second list is based on data from the web anti-virus component and characterizes the situation on the Internet. It includes malicious programs found on web pages, as well as malicious code that attempted to download from web pages. The number after the comma is the number of infected web pages.
• not-a-virus: AdWare.Win32.Boran.z, 17624
• Trojan.JS.Redirector.l, 16831
• Trojan-Downloader.HTML.IFrame.sz, 6586
• Exploit.JS.Pdfka.ti, 3834
• Trojan-Clicker.HTML.Agent.aq, 3424
• Trojan-Downloader.JS.Major.c, 2970
• Trojan-Downloader.JS.Gumblar.a, 2583
• Exploit.JS.ActiveX.as, 2434
• Trojan-Downloader.JS.LuckySploit.q, 2224
• Trojan-GameThief.Win32.Magania.biht, 1627
• Exploit.JS.Agent.ams, 1502
• Trojan-Downloader.JS.IstBar.bh, 1476
• Trojan-Downloader.JS.Psyme.gh, 1419
• Exploit.JS.Pdfka.vn, 1396
• Exploit.JS.DirektShow.a, 1388
• Exploit.JS.DirektShow.k, 1286
• not-a-virus: AdWare.Win32.Shopper.l, 1268
• not-a-virus: AdWare.Win32.Shopper.v, 1247
• Trojan-Clicker.JS.Agent.jb, 1205
• Exploit.JS.Sheat.f, 1193
The second top twenty still has many new entries. It includes two members of the Exploit.JS.Pdfka family at once: under this name Kaspersky Lab products detect JavaScript files that are embedded in PDF documents and exploit various vulnerabilities in Adobe products (in this case, in Adobe Reader). Pdfka.ti uses a popular two-year-old vulnerability in the Collab.collectEmailInfo function. Pdfka.vn exploits a newer vulnerability, in the getIcon function of the same Collab object.
Attackers try to exploit en masse all of the vulnerabilities in Adobe products, of which quite a lot have been found in recent years, regardless of the product version, to increase the probability of downloading the main malware onto the computer. After all, there is always a chance that some users have not updated their software. That is why Kaspersky Lab once again recommends keeping major and popular software packages up to date, in this case those produced by Adobe.
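As an added illustration (not part of the Kaspersky Lab report and not its products' detection logic), the Python example below shows a simple triage check for the two Collab methods named above: it inflates FlateDecode streams in a PDF and reports references to Collab.collectEmailInfo or Collab.getIcon. The function names and sample files are constructed for this example, and a name match is only a heuristic, since scripts can be obfuscated or stored under other filters.

```python
import re
import zlib

# Collab methods the article ties to Exploit.JS.Pdfka.ti and Pdfka.vn.
SUSPECT_CALLS = (b"collectEmailInfo", b"getIcon")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def extract_streams(pdf_bytes):
    """Yield each stream body, inflated when it is zlib (FlateDecode) data."""
    for match in STREAM_RE.finditer(pdf_bytes):
        raw = match.group(1)
        try:
            # decompressobj tolerates trailing bytes and truncated checksums.
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # stored uncompressed, or another filter: scan as-is


def scan_pdf(pdf_bytes):
    """Return the sorted suspect Collab calls referenced anywhere in the file."""
    hits = set()
    # Scan the raw bytes too: /JS may be a literal string outside any stream.
    for blob in [pdf_bytes, *extract_streams(pdf_bytes)]:
        for name in SUSPECT_CALLS:
            if re.search(rb"Collab\s*\.\s*" + name + rb"\b", blob):
                hits.add(name.decode())
    return sorted(hits)


def build_sample(js, compress):
    """Constructed, PDF-like test bytes carrying `js` in a single stream."""
    body = zlib.compress(js) if compress else js
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + filt + b"/Length %d >>\nstream\n" % len(body)
            + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # Constructed inputs: harmless scripts that only mention the method names.
    samples = {
        "flate.pdf": build_sample(b"Collab.collectEmailInfo({});", True),
        "plain.pdf": build_sample(b"var i = Collab.getIcon('x');", False),
        "clean.pdf": build_sample(b"app.alert('hello');", True),
    }
    for name, data in samples.items():
        print(name, scan_pdf(data) or "no suspect Collab calls")
```

A hit means the file deserves a closer look and a check that the installed Adobe Reader is patched; a clean result does not prove the file is safe.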
The heroes of past issues, Exploit.JS.DirektShow and Exploit.JS.Sheat, are still active: DirektShow.a has returned and Sheat.f has appeared in the ranking. The other newcomers in the second list are either trivial iframe clickers or parts of a malicious script.
In sum, experts from Kaspersky Lab note that the trend of recent months continues: the number of web packages of malicious programs that exploit all kinds of vulnerabilities in major products keeps growing, opening a wide field for further action by attackers. Their spread is helped by simple iframe clickers placed on infected legitimate sites. And cyber criminals gain access to these sites through earlier infections with malware that steals confidential data. And here the circle closes.


