Connect with us

Hi, what are you looking for?


Malware & Threats

Conficker Remains Top Malware by Number of Attacks

As one of the oldest active threats, Conficker continues to lead the malware landscape by number of registered attacks, accounting for 14 percent of recognized incidents, Check Point researchers say.

As one of the oldest active threats, Conficker continues to lead the malware landscape by number of registered attacks, accounting for 14 percent of recognized incidents, Check Point researchers say.

Seven years after it emerged, the Confiker worm is the most prominent malware family, trailed by Tinba and Sality, each with 9 percent of recognized attacks, the security researchers reveal. Although it rarely made it to the headlines the past half a year, Confiker was seen in a noteworthy infection during fall last year, when researchers found it shipping inside police body cameras.

According to Check Point, the number of active global malware families increased 15 percent in May, and the security firm detected a total of 2,300 unique and active malware families targeting business networks. In April, the researchers observed an increase of 50 percent in the number of unique malware families.

“The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business critical information,” Check Point says.

The top ten malware families worldwide in May included Conficker, Tinba (also known as Tiny Banker or Zusy), Sality, JBossjmx, Hummingbad, Zeroaccess, Zeus, Angler EK, Virut, and Cutwail. The security researchers explain that these ten malware families were responsible for 60 percent of all recognized attacks worldwide during May.

According to Check Point’s Threat Index for May, the Tinba banking Trojan has increased its presence on the threat landscape in May, while Sality, a Windows virus that allows remote operations and downloads of additional malware, has registered a lower infection rate. Among the threats that soared last month, we can also mention Zeus, a banking Trojan that uses man-in-the-browser keystroke logging and form grabbing to steal user credentials.

Trending down in the new Threat Index, albeit unsurprisingly, was the Angler exploit kit, which has completely vanished from the landscape two weeks ago. Responsible for over 60 percent of the EK traffic only a few months ago, Angler left a great void that other exploit kits weren’t able to fill as of yet: the overall EK activity went down 96% compared to April’s levels.

Advertisement. Scroll to continue reading.

What’s also noteworthy is that the top 10 most wanted malware families are banking Trojans, botnets, worms, and exploit kits, with no ransomware family making an appearance on the list. For the past several months, ransomware has been terrorizing organizations and individuals alike, but no malware family in this category has managed to soar to top levels as of now, it seems.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...