The virus monitoring service of Doctor Web, Ltd. has analyzed viral activities in March 2008.

The variation of the malware that writes itself to the MBR and uses rootkit technologies to hide its presence in the system (now often called a bootkit) surely became the event of the month. The bootkit entered the Dr.Web database as BackDoor.MaosBoot with its dropper added as Trojan.Packed.370. The creators of the malware tried to make it extremely difficult for an anti-virus to cure the bootkit, however, once again Dr.Web anti-virus has proven its high technology — the latest Dr.Web scanner version features a unique algorithm for detection and curing BackDoor.MaosBoot without resorting to any advanced system tools.

Strange as it seems, but spreading Trojan.PWS.LDPinch.1941 via ICQ also became an event worth mentioning. Doctor Web, Ltd. support staff received a lot of messages on infection by the Trojan from users. Morever, the Trojan executable was modified several times to avoid detection by anti-virus applications but all the variations were promptly added to the Dr.Web database.

The new social engineering trick used to lure a user into downloading the malware should also be mentioned — a reply-message from a recruiting company offering to enter personal data in a special form and providing a link to the "form”. Actually the "form" is a malicious program detected by Dr.Web ainti-viruses as Trojan.Sentinel. Spam
Apart from messages used to spread malware March saw offerings of spam mailing based on addresses databases of Russia, Ukraine and other CIS countries or tax evasion schemes and construction companies advertising which prevailed over other subjects.

March 2008 virus statistics

Table 1. 20. Most prevailing viruses detected on mail servers

Table 2. 20 Most prevailing viruses detected on users` computers.