Unlike viruses or worms, Trojans are not able to replicate and infect files on their own, but even so they are one of the most prolific and stealthy threats in the wild. This is because attackers have been able to develop increasingly sophisticated data stealing malware using Trojans that is difficult to detect using purely signature-based antivirus systems.
“For instance, Swizzor is created using an autogeneration routine, which means that every time it is downloaded it is likely to be different,” explains Paul Brook, managing director of ESET UK. “Because of this, several thousand variants of this Trojan are created every day, so proactive detection is a must when it comes to protecting users against it.”
Win32/TrojanDownloader.Swizzor, which reached the number three spot in the top ten threats for December, was the most detected threat during the first six months of 2006, experiencing a decrease during July and following months. This Trojan can be covertly installed from certain web sites or be delivered through spammed email. When the Trojan is executed, it installs several Spyware tracking programs.
Other Trojans in the top ten include Win32/TrojanClicker.Small.KJ, which tries to download and execute other executable files from the internet, allowing a remote attacker to get unauthorized access to infected systems; Win32/PSW.Lineage.DN, which is able to steal sensitive information from infected computers; and JS/TrojanDownloader.Agent.BI, which is frequently used to develop botnets among infected computers.
Top 10 Threats for December 2006
1 Win32/TrojanClicker.Small.KJ – 2.79%
2 Win32/PSW.Lineage.DN – 2.37%
3 Win32/TrojanDownloader.Swizzor – 2.09%
4 Win32/Netsky.Q – 1.81%
5 Win32/TrojanDownloader.Zlob – 1.68%
6 Win32/PSW.Agent.NBJ – 1.68%
7 JS/TrojanDownloader.Agent.BI – 1.21%
8 Win32/Adware.Boran – 1.19%
9 Win32/Rbot – 0.99%
10 Win32/Brontok.A – 0.97%