Menu
 Home
 Local News    
 Global News
 Technical & Product News
 Opinions
 Contact Us
 Subscribe/Unsubscribe
 
 Publications
 ICT World
 Cable Talk
 Computing S.A.
 Network World
 The Channel
 IT users handbook
 
 Sponsors
 ICT World Company Directory
 
 Partners
 CareerJunction
 Johnnic Mag Division
 
 Privacy Policy
 Privacy Policy
 
   
   

Top ten spyware for 2006

Date: 09 January 2007
Issue: Two hundred and seventeen (8/1/07 -12/1/07)
(ICT World)
Category: Global News
PandaLabs has published its list of the spyware most frequently detected by ActiveScan in 2006.

The top ranking spyware is Gator. This adware offers free use of an application if users agree to view a series of pop-up messages downloaded by Gator. Some versions of this spyware replace banners on Web pages visited with those created by the malicious code itself.
Ê
Second and third place in the top ten are occupied by Wupd and Ncase respectively. Both offer free use of an application in exchange for displaying advertising messages. They also monitor users Internet movements and gather data about habits and preferences. This information is then used to personalise the advertising displayed. Additionally, Ncase changes the Internet Explorer home page, as well as the default search options.
Ê
The adware CWS is in fourth place. This can be installed without users consent or without them being fully aware of the functionality of the tool. Emediacodec, in fifth place in the Top Ten, has similar characteristics. It uses a series of techniques in order to prevent it being detected by anti-virus companies. It can even terminate its own execution if it detects that it is being executed in a virtual machine environment, such as VMWare.
Ê
In sixth place in the table is Lop, a type of adware with many variants. In most cases, this malicious code installs a toolbar with search features in Internet Explorer. It also displays numerous advertising pop-ups. Winantivirus, in seventh place, is categorised as a Potentially Unwanted Program (PUP). It is downloaded onto computers by other malicious code, such as Downloader.LHW, and exploits application vulnerabilities in order to spread. Winantivirus is also capable of damaging users systems.
Ê
CWS.Searchpmeup is in eighth place in the list. This malicious program changes the Internet Explorer home page and the default search options. The Web page that it sets as the home page uses several exploits to download malware onto computers. Next in the ranking is Winfixer2005, a PUP that searches the computer for supposed ‘errors and then demands that users buy the program in order to repair them. Finally, in tenth place comes New.net, a spy program that adds a toolbar to Internet Explorer and collects information about the user, including Internet pages visited, etc.
Ê
The information gathered by PandaLabs about spyware in 2006 highlights the prevalence - seven of the top ten - of adware. This type of malware has grown continuously throughout the year and is expected to continue doing so in 2007. Similarly, in 2006 there has been an increase in rootkits and other malware that use similar techniques. A rootkit is a tool used to hide the processes of malicious codes, making them harder to detect.
Ê
Another significant aspect of the last year has been the appearance of a new category of malware. Rogue antispyware claims to detect spyware or to repair errors. This increasingly prevalent malware detects flaws or malicious code on computers but then demands that users pay for a registered version of the program if they want to delete these threats.

WinAntivirus2006, in seventh place in the top ten, is a good example of this new category. Some of them, such as SpySheriff, 23rd in the ranking, not only detect real errors or attacks but also claim to have detected malware which actually does not exist. Winfixer2005, in ninth place, is another example of malicious code that promises to repair non-existent errors.
Ê
False codecs are variants of this type of malware. EmediaCodec, in fifth place in the Top Ten, is a good example of this type of malicious code. The way this malware operates is quite simple. While the user is viewing the Internet, they are offered certain videos, normally pornographic. In order to see them, they have to install a false codec which downloads adware. Normally these are not real codecs, but passwords that register in the system and have to be installed in order to see the videos.
Ê
All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free, online solution available at: www.pandasoftware.com/activescan. This allows users toÊscan their computers thoroughly if they suspect that they have been infected.