Password stealers and Conficker top June malware

Among most prevalent June threats were a password-stealing Trojan, infected Windows media files, and a re-emerging Conficker, says Sunbelt Software.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
2 min read

June proved to be another hot month for malware with by a surge in attacks by a password-stealing bot and the return of old nemesis Conficker, according to a report released Tuesday by security software maker Sunbelt.

Designed to ferret out cached passwords and log-in credentials for banking sites, "Trojan-Spy.Win32.Zbot.gen" was the second-most prevalent piece of malware detected by Sunbelt last month, up from the No. 5 spot in May. The top spot, grabbing more than a quarter of all detections, was held by "Trojan.Win32.Generic!BT," a generic form of malware with hundreds of variations and sometimes associated with scareware and rogue security software, noted Sunbelt.

Sunbelt Software

The month also marked a return engagement of Conficker, this time in the form of a variant called Downadup. Following the path of the original Conficker, the new variant jumps on a weakness in Windows Server that allows code to be executed remotely when file sharing is turned on, according to Sunbelt. This strain also takes advantage of weak administrator passwords to disable certain Windows services and anti-malware protection.

"Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back," Sunbelt Software research center manager Tom Kelchner said in a statement.

Sunbelt also discovered other types of new malware last month. At No. 7, "Trojan.ASF.Wimad (v)" is a group of Trojanized Windows media files that, when opened in Windows Media player, point the browser to a Web site spreading malicious files. This threat surged last month due to an increase in video downloads associated with the FIFA World Cup, according to Sunbelt.

"As we expected, malware related to the distribution and downloading of media files is also on the increase, as highlighted by the appearance of Trojan.ASF.Wimad (v) in the top 10 for June, coinciding with the start of the FIFA World Cup," said Kelchner. "With many of the World Cup matches taking place during work hours when users have no access to a TV, the temptation to seek out online streaming services, be they from trusted or untrusted sources, has been too strong for some users."

The top 10 list includes the most common moderate to severe malware detected by Sunbelt's Vipre and CounterySpy antivirus and antispyware software and reported back to ThreatNet, the company's opt-in community of customers.