Security firm Check Point just released its list of the 10 Most Wanted Malware for May 2016. The Conficker worm grabbed the top spot, followed by banking Trojan Tinba and highly complex malware Sality. What’s more, the total number of active malware families spiked 15 percent last month with 2,300 unique global groups.

Here’s a look at the latest malware roundup.

Fickle Conficker?

As noted by eWEEK, the malware got its start in October 2008 when Microsoft revealed a flaw that opened the door to remotely compromise and infect Windows XP, 2000 and Server 2003. Within seven days a new worm was born, and by February 2009 the Conficker.C variant was tearing across vulnerable systems and avoiding antivirus programs.

Today the worm still accounts for 14 percent of all recognized attacks, even though support for all three original Windows targets has long since expired. Once infected, companies often disregard the worm as less pressing than other threats such as ransomware or banking Trojans.

According to SC Magazine, however, an infected system is vulnerable to both ongoing malware attacks and the theft of financial login credentials. Stopping Conficker and avoiding these threats demands antibot technologies and CPU-level sandboxing, according to Check Point’s intelligence group manager Maya Horowitz.

Tinba and Sality, meanwhile, are each on the hook for 9 percent of all malware infections worldwide. Taken together, the top 10 deliver 60 percent of all recognized attacks. It’s worth noting that they vary in vector and outcome: Seventh-place Hummingbird is Android malware capable of installing a persistent rootkit and fraudulent applications, and No. 9 is Virut, a botnet used for distributed denial-of-service (DDoS) attacks.

Breaking New Ground

While the top 10 include old threats, new vectors and a host of sophisticated attack avenues, there are a number of up-and-coming concerns that are also worth a look. Consider the Godless malware currently making the rounds on Android devices.

According to BetaNews, the threat affects almost any device running version 5.1 (Lollipop) or earlier, which translates to around 90 percent of all Android devices worldwide. Once infected, Godless exploits root vulnerabilities to remotely download apps in the background or collect and send personal data to command-and-control (C&C) servers.

Even more worrisome? The rooting process is designed to occur only when the screen is turned off. As noted by Today Online, cybercriminals are also using a mix of old and new tech to scam users: Victims receive a phone call purportedly from courier services or government agencies directing them to immediately download a specific app.

No surprise: The calls are fake, and the app is malware that allows attackers to grab personal information. It’s proof positive that social engineering still works wonders to exploit average users.

May was a big month for malicious actors, with historic code Conficker taking top spot in the malware rankings. Banking Trojans stay strong, while worms, mobile malware, exploit kits and botnets all make an appearance in the top 10. Up-and-comers such as stealthy Android rootkits and phishing phone attacks round out this high-powered malware lineup.

More from

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Abuse of Privilege Enabled Long-Term DIB Organization Hack

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…