1. Win32/Bundpil
Previous Ranking: 1
Percentage Detected: 3.33%
Win32/Bundpil.A is a worm that spreads via removable media.
The worm contains a URL and tries to download several files
from that address. The files are then executed. The worm uses
the HTTP protocol. The worm may delete the following folders:
*.exe
*.vbs
*.pif
*.cmd
*Backup.
2. Win32/Sality
Previous Ranking: 3
Percentage Detected: 1.97%
Sality is a polymorphic file infector. When run, it starts a
service and creates or deletes registry keys related to security
activities in the system, and to ensure that the malicious
process starts at each reboot of the operating system.
It modifies EXE and SCR files and disables services and
processes related to security solutions.
More information relating to a specific signature:
http://www.eset.eu/encyclopaedia/sality_nar_virus__sality_aa_sality_am_sality_ah
9. Win32/Qhost
Previous Ranking: n/a
Percentage Detected: 1.32%
This threat copies itself to the %system32% folder of Windows
before starting. It then communicates over DNS with its
command and control server. Win32/Qhost can spread through
e-mail and gives control of an infected computer to an attacker.
10. Win32/Dorkbot
Previous Ranking: 7
Percentage Detected: 1.26%
Win32/Dorkbot.A is a worm that spreads via removable media.
The worm contains a backdoor. It can be controlled remotely.
The file is run-time compressed using UPX.
The worm collects login user names and passwords when the user
browses certain web sites. Then, it attempts to send gathered
information to a remote machine. This kind of worm can be
controlled remotely.