The Hungary-based specialist of IT security continuously monitors virus occurrence and activity. Data from VirusBuster's mail protection systems -- in-house and externally deployed alike -- is collected and processed. VirusBuster uses the results to generate monthly statistics of the most frequent infections. These monthly virus toplists are published on the company's website as well (http://www.virusbuster.hu/en/viruslab/virus-toplist).

"April basically repeated the malware trend we observed in March", says Gábor Szappanos, the head of VirusBuster's virus lab. "Hungarians were mostly harrassed by trojans designed to download fake antivirus applications onto the victim's machine."

Trojans are malicious programs, which got their name from the legendary wooden horse built by the Greeks to defeat Troy: They pretend to serve users, but in fact they are designed to cheat their victims. The trojans on VirusBuster's toplist set off (fake) alarm bells warning the user of a virus infection, and then download a rogue antivirus application. The downloaded program promises to clean the machine, but, in reality, either does nothing (the better option), or starts some malicious activity. The user is often charged for such a download, so these trojans are, in fact, tools for fraud. They mostly come in e-mail attachments. Spammers disguise them as some useful file, such as an order confirmation. But beware! Opening the attachment launches the infection mechanism.

Cybercriminals have even targeted e-mail addresses at Hungary's leading bank, OTP, among others, with such trojan loads. Within less than a month, OTP's name was abused in two waves of this kind of attack. On both occasions, the bank issued a warning on its home page. According to the advisory, fake "otpbank.hu account notification" messages have been sent to hundreds of inboxes. The bank added that they had taken the necessary security and legal steps.

OTP Bank was by no means the only target. According to Gábor Szappanos, several waves of similar messages hit the net in April. The e-mails, which distributed a trojan, had the addressee's domain on their subject line, followed by the expression "account notification".

VirusBuster's malware toplist for April 2010:

Malware Share (%)
Trojan.FakeAlert.CHH 16.40%
Trojan.Inject.UMY 14.52%
Trojan.FakeAV.WD 14.52%
Trojan.XPACK.HSY 8.89%
Backdoor.Nepoe.IF 5.85%
Trojan.Inject.UPB 5.76%
Trojan.FakeAV.WH 5.63%
Trojan.DL.FakeAlert.CJC 3.89%
Backdoor.Nepoe.DL 2.41%
Worm.Rbot.MCG 1.61%
Other: 20,51%

About VirusBuster Ltd.

With its over 15 years of experience, VirusBuster Ltd. has international reputation in the field of IT security. Based in Budapest, Hungary, the company delivers full-fledged anti-virus and other security solutions on all major platforms to its customers on five continents. Virusbuster’s software has been recognized with numerous prizes and certificates from many independent testing organizations. Its flagship product, VirusBuster Professional, has won several “Virus Bulletin 100%” awards, “Checkmark Anti-Virus Level One” and “CheckVir” certifications. It received the “Desktop/Server Anti-Virus Detection” certification, and, in 2007 and 2008, the “Desktop/Server Anti-Virus Cleaning” certification from ICSA Labs."

Source: VirusBuster Ltd.