More than 90,000 new malware types in May

Bochum, 03.06.2009

The analysis by G Data Security Labs shows no significant changes in the Top Five for May. The total number of new malware types last month was 91,691, and Trojans remain the most frequently published malware type of recent months. This trend is expected to continue in the coming weeks.

Methodology: counting is based on malware with identical code characteristics, which corresponds to the creation of signatures. With this methodology, G Data does not count and categorize each individual malicious file; instead it counts malware types, each of which covers many different individual files that are detected as the same malware.

Top 5 malware categories
Malware samples are categorized according to their propagation mechanism and malicious function. The numbers show how many new malware types appeared in the respective categories.

1. Trojan: 31.2%
The name Trojan Horse refers to the historical prototype and describes a program which presents itself to the user as providing a certain desired function. Instead of, or in addition to, that function, Trojan Horses contain a hidden program part which executes unwanted and/or malicious actions on the system without the user noticing.

Trojan Horses have no propagation routine of their own (as opposed to viruses or worms). They are sent by e-mail or lurk on websites or in P2P networks.


2. Downloader: 25.6%
A downloader is a piece of malicious software which, as the name implies, downloads additional files from the Internet. Beforehand, it often tries to lower the system's security settings.


3. Backdoor: 13.8%
Backdoors open a hidden entrance into the infected system. That way, the system can be remotely controlled by an attacker. In most cases, additional software is installed and the system is integrated into a botnet along with other zombie PCs. These zombies are then used for sending spam, stealing data or executing distributed denial of service attacks.


4. Spyware: 13.6%
The "Spyware" category contains malicious software whose purpose is to steal personal information from the victim's system. This includes any kind of personal data, including passwords, banking information, or even login credentials for online games.

5. Adware: 4.9%
Adware records activities and processes on the computer, such as the victim's web surfing behavior. Every now and then, targeted ads are displayed or search queries are manipulated in order to steer the victim to certain products or services and earn money from this. In most cases this occurs with neither the consent nor the knowledge of the victim.



Top Five virus families:
Malware is categorized into families according to program code similarities. The numbers show the most productive virus families:

1. Stuh: 4.4%
Trojan Horses of the Stuh family are able to hook into running processes by overwriting certain memory areas.

This affects, among others, Internet Explorer, network drivers or even certain processes of the virtualization tool VMware.

By these means, the malicious software is able to manipulate network traffic or even record keystrokes on the affected system.

Furthermore, the Windows service for automatic updates is disabled and the system's registry is manipulated in such a way that the malicious software runs at every system start.
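A defender-side check for the two persistence changes attributed to Stuh above (an autostart entry in a Run key and a disabled automatic-update service), written as an added example that is not G Data's code. It parses a constructed .reg-style export; the key names, the value `Start=4` meaning SERVICE_DISABLED and the trusted-directory list are assumptions for illustration, and the sample entries are made up.

```python
import re

# Constructed sample export (not from a real system): one vendor autostart entry,
# one autostart entry in a user-writable directory, and wuauserv set to disabled.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorUpdater"="C:\\Program Files\\Vendor\\updater.exe"
"winlogon32"="C:\\Users\\Public\\winlogon32.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
'''

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
WUAUSERV_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv"
SERVICE_DISABLED = 4  # Start value 4 = SERVICE_DISABLED (assumed constant)
# Directories from which autostart entries are considered expected (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from a .reg-style export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            else:
                # String value: drop quotes and unescape doubled backslashes.
                keys[current][name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def stuh_style_findings(text):
    """Flag Run entries outside trusted dirs and a disabled wuauserv."""
    keys = parse_reg_export(text)
    findings = []
    for path, values in keys.items():
        if RUN_KEY_RE.search(path):
            for name, target in values.items():
                if isinstance(target, str) and not target.lower().startswith(TRUSTED_PREFIXES):
                    findings.append(("autostart_outside_trusted_dir", name, target))
    if keys.get(WUAUSERV_KEY, {}).get("Start") == SERVICE_DISABLED:
        findings.append(("windows_update_service_disabled", "Start", SERVICE_DISABLED))
    return findings
```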


2. Fraudload: 3.9%
The Fraudload family contains countless variants of so-called scareware: programs which present themselves to the user as security software or system tools.

The victims are told that their system is being scanned for infections. In order to remove these alleged infections, the victims are urged to buy the "full version" and to enter their credit card information on specially crafted websites.

Infection usually occurs through unpatched security holes in the victim's operating system or in vulnerable application software. There are also attack methods in which the victim is lured into visiting websites which pretend to show video clips with erotic or breaking-news content. In order to watch these alleged clips, the victim is told to install a particular video codec, which contains the malicious software.


3. Monder: 3.6%
The numerous Monder variants are Trojan Horses which manipulate security settings on infected systems, making those systems vulnerable to additional attacks.

In addition, an adware infection can occur which displays unwanted advertisements on the infected system, particularly for fake antivirus products. The victims are told that their system is being scanned for infections. In order to remove these alleged infections, the victims are urged to buy the "full version" and to enter their credit card information on specially crafted websites.

Some variants download additional malicious software and transfer information about the victim's web surfing behavior to the attacker without informing the victim.



4. Autorun: 2.7%
Malicious software in the Autorun category uses removable media such as USB sticks or external hard disk drives to spread.

The convenient autorun function contained in common Microsoft operating systems is actively abused to inject malicious software into the victim's system.

Through clever manipulation of the graphical icons shown in the autorun menu after the removable media is connected, victims are lured into running the actual malicious code. For example, the first item of the menu shows a folder symbol which is supposed to display the directory structure but, when clicked, actually launches a malicious EXE file.

5. Buzus: 2.7%
Trojan Horses of the Buzus family search their victims' infected systems for personal data such as credit card or online banking login information, or e-mail or FTP credentials.

In addition, they try to modify security settings of the affected system in order to make it even more vulnerable.