On-line Scanner Top Twenty February 2006

Position	Change in position	Name	Percentage
1.	New!	Email-Worm.Win32.Bagle.fj	4.76
2.	+7	Trojan-Spy.Win32.Banker.anv	2.20
3.	New!	Trojan-Spy.Win32.Banker.ark	2.04
4.	+2	Trojan-Spy.Win32.Bancos.ha	1.56
5.	-4	Worm.Win32.Feebs.gen	1.44
6.	-2	Trojan-Spy.Win32.Banker.ahy	1.06
7.	+3	Email-Worm.Win32.Wukill	0.92
8.	New!	Trojan-Downloader.Win32.VB.vz	0.90
9.	New!	Trojan-Downloader.Win32.Adload.t	0.89
10.	+9	not-a-virus:PSWTool.Win32.RAS.a	0.77
11.	New!	Backdoor.Win32.ControlTotal.ag	0.67
12.	New!	not-a-virus:Monitor.Win32.Perflogger.az	0.67
13.	+2	Trojan-Downloader.Win32.INService.gen	0.63
14.	New!	Backdoor.Win32.Rbot.gen	0.55
15.	New!	Trojan-PSW.Win32.PdPinch.gen	0.54
16.	-8	Email-Worm.Win32.Nyxem.e	0.54
17.	New!	Trojan-Downloader.Win32.Harnig.bb	0.47
18.	New!	Email-Worm.Win32.NetSky.q	0.46
19.	New!	Trojan-Spy.Win32.Bancos.u	0.44
20.	New!	Virus.Win32.Parite.b	0.44
Other malicious programs			78.05

This is the second month that we are analyzing the data we collect from our on-line scanner. We can now make preliminary comparisons with our mail traffic statistics and analyze emerging trends.

The first interesting point is the fact that the numbers in this table fluctuate far more than the numbers in the mail traffic rankings. In February, 12 new malicious programs appeared, and out of the five programs which headed the January rankings, only 2 programs are still in the rankings. This is a natural result, given that there are many more malicious programs than just those which propagate via email.

However, the rankings do include email worms, and they are certainly not at the bottom of the list. They are leading the rankings for the second month in a row: in January, Worm.Win32.Feebs.gen was in first place, but in February fell to 5th place. Email-Worm.Win32.Bagle.fj rose to first place, in comparison with the 6th place it occupied in the mail traffic rankings.

Out of the rest of the worms in this list, it’s worth highlighting Wukill, which did not make it into the mail traffic rankings. However, the online scanner data shows it overtaking NetSky.q, which reached 9th place in the mail traffic rankings.

The second interesting point is that most of the malicious programs in the rankings are Trojans, just as was the case a month ago. The majority of these are from the most widespread and most dangerous classes of Trojan-Spy and Trojan-Downloader. There are four Trojans in the top six positions, and these programs are designed to steal user data for online banking and e-payment systems. This is worrying, because there are actually a great many of these Trojans, and they are very wide spread. In short, while email worms are the number one threat today, Trojans come second. Moreover, in terms of potential financial losses, these Trojans are more dangerous than email worms.
We also shouldn’t forget that these programs are usually installed to victim machines by Trojan-Downloaders. This type of malicious code constantly monitors malware sites, and downloads the newest variants of other malicious programs and Adware. If a machine is infected with a Trojan-Downloader, it won’t be long before the machine becomes a menagerie of malicious code. Trojan-Downloaders occupy 8th, 9th, 13th and 17th place in our on-line scanner ratings.

As for the rest of the rankings, Nyxem.e dropped to 8th place, showing that the epidemic has already peaked. The likelihood of users losing vital data when the worm’s payload triggers on the 3rd of each month is already low.
Of course, no rankings would be complete without a classic file virus. In February, an old acquaintance in the form of Parite.b made a comeback; this virus has been around since the turn of the millennium, which shows that the life cycle of file viruses is considerably longer than that of other malicious programs.

Summary: