Exploitation of vulnerability in Internet Explorer was the most significant cybercrime threat during March 2010

Kaspersky Lab today reports that exploits of a vulnerability found in Microsoft’s web browser, Internet Explorer, were amongst the most widespread malware programs detected during March 2010. Meanwhile, the script Trojan-Downloader program, Gumblar, has continued the resurgence reported last month to remain the most prolific malware program on the global threat landscape.

The IT threat landscape evolved significantly in March 2010 with new programs accounting for more than half of Kaspersky Lab’s Top Twenty ranking of malicious programs detected on the Internet, with Trojan variants continuing to dominate.

One of the most significant events during March 2010 was the publishing of a rather detailed description of a vulnerability that was found to exist in versions 6 and 7 of Microsoft’s popular web browser, Internet Explorer. This in turn led the exploit to becoming extremely widespread by cybercriminals. Two variants of the exploit - Exploit.JS.CVE-2010-0806.i and Exploit.JS.CVE-2010-0806.b - in second place and tenth please respectively, accounted for 199,484 attempted downloads during March 2010.

Although software vendors typically quickly patch such vulnerabilities in software programs, Kaspersky Lab warns that too many computer users are not installing these patches in time.

The epidemic being caused by the Trojan-Downloader program, Gumblar, remained in full swing throughout March. The variant - Trojan-Downloader.JS.Gumblar.x - remained at the top of the chart, whilst a new updated variant was reported, detected as HEUR:Trojan-Downloader.Script.Generic.

Kaspersky Lab has also identified that cybercriminals are increasingly taking advantage of user gullibility and naivety. The most common malware of this kind used by the cybercriminals in March included rogue antivirus solutions and ransomware.

Top twenty ranking for March 2010 - Malicious programs, adware and potentially unwanted programs that were detected and neutralised when accessed for the first time, i.e. by the on-access scanner.

Position	Change in position	Name	Number of infected computers
1	0	Net-Worm.Win32.Kido.ir	332833
2	0	Virus.Win32.Sality.aa	211229
3	0	Net-Worm.Win32.Kido.ih	186685
4	0	Net-Worm.Win32.Kido.iq	181825
5	0	Worm.Win32.FlyStudio.cu	121027
6	0	Trojan-Downloader.Win32.VB.eql	68580
7	New	Trojan.Win32.AutoRun.abj	66331
8	1	Virus.Win32.Virut.ce	61003
9	1	Packed.Win32.Krap.l	55823
10	-2	Worm.Win32.AutoIt.tc	55065
11	4	Worm.Win32.Mabezat.b	49521
12	-5	Exploit.JS.Aurora.a	43776
13	New	Packed.Win32.Krap.as	40912
14	New	Trojan.Win32.AutoRun.aay	40754
15	3	Trojan-Dropper.Win32.Flystud.yo	40190
16	-4	Virus.Win32.Induc.a	38683
17	-4	not-a-virus:AdWare.Win32.RK.aw	38547
18	New	Trojan.Win32.AutoRun.abd	37037
19	-5	not-a-virus:AdWare.Win32.Boran.z	36996
20	0	not-a-virus:AdWare.Win32.FunWeb.q	34177

Top twenty ranking for March 2010 - Malicious programs on the Internet, reflecting the online threat landscape. This ranking includes malicious programs detected on web pages and malware downloaded to victim machines from web pages.

Position	Change in position	Name	Number of attempted downloads
1	0	Trojan-Downloader.JS.Gumblar.x	178965
2	New	Exploit.JS.CVE-2010-0806.i	148721
3	-1	Trojan.JS.Redirector.l	126277
4	2	Trojan-Clicker.JS.Iframe.ea	102226
5	4	Exploit.JS.Aurora.a	88196
6	4	Trojan.JS.Agent.aui	80654
7	-3	not-a-virus:AdWare.Win32.Boran.z	75911
8	New	Trojan.HTML.Fraud.aj	68809
9	New	Packed.Win32.Krap.as	64329
10	New	Exploit.JS.CVE-2010-0806.b	50763
11	New	Trojan.JS.FakeUpdate.ab	49412
12	New	Trojan.HTML.Fraud.aq	48927
13	3	Packed.Win32.Krap.ai	47601
14	Return	Trojan-Downloader.JS.Twetti.a	46858
15	New	Exploit.JS.Pdfka.bub	45762
16	New	Trojan-Downloader.JS.Iframe.byo	44848
17	New	Trojan.JS.FakeUpdate.aa	42352
18	Return	not-a-virus:AdWare.Win32.Shopper.l	41888
19	New	Trojan-Clicker.HTML.IFrame.fh	38266
20	New	Packed.Win32.Krap.ao	36123

To find out more about cyber threats visit: http://www.kaspersky.co.uk.