Malware reports

Virus Top 20 for February 2008

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | 0 | Email-Worm.Win32.NetSky.q | Trojan.generic | 35.57 |
| 2 | +1 | Email-Worm.Win32.Bagle.gt | Trojan.generic | 6.49 |
| 3 | -1 | Email-Worm.Win32.Nyxem.e | Trojan.generic | 6.47 |
| 4 | +4 | Email-Worm.Win32.NetSky.d | Trojan.generic | 6.04 |
| 5 | New | Trojan-Downloader.Win32.Small.hsl | (downloader) | 5.71 |
| 6 | +5 | Net-Worm.Win32.Mytob.q | Worm.P2P.generic | 5.62 |
| 7 | -3 | Email-Worm.Win32.NetSky.aa | Trojan.generic | 5.15 |
| 8 | -3 | Email-Worm.Win32.Scano.gen | Trojan.generic | 3.88 |
| 9 | Return | Email-Worm.Win32.NetSky.x | Trojan.generic | 3.56 |
| 10 | +7 | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 2.83 |
| 11 | Return | Email-Worm.Win32.Mydoom.m | Trojan.generic | 2.52 |
| 12 | New | Trojan-Downloader.Win32.Diehard.ez | Hidden object | 2.06 |
| 13 | -1 | Email-Worm.Win32.NetSky.y | Trojan.generic | 1.94 |
| 14 | -5 | Net-Worm.Win32.Mytob.w | Worm.P2P.generic | 1.47 |
| 15 | +1 | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.43 |
| 16 | Return | Net-Worm.Win32.Mytob.bi | Trojan.generic | 1.21 |
| 17 | -3 | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.19 |
| 18 | Return | Net-Worm.Win32.Mytob.c | Trojan.generic | 0.60 |
| 19 | -1 | Email-Worm.Win32.Scano.bn | Trojan.generic | 0.58 |
| 20 | Return | Email-Worm.Win32.NetSky.c | Trojan.generic | 0.56 |
| | | Other malicious programs | | 5.12 |
| | | Percentage of infected messages in mail traffic | | 0.61 |

The statistics resulting from our scanning of mail traffic in February 2008 were slightly different to data from the first month of the year.

Although the Trojan-Downloader program, Diehard, is continuing to cause significant outbreaks, this isn’t reflected in the rankings.

There were four variants of this program in the January Top Twenty. In February, these four were replaced by a single new version which occupies twelfth place; however, this does not mean that the battle against Diehard is over. The number of programs in this family continued to rise rapidly in February, with approximately 50 new modifications being detected over the course of the month. In comparison, only 100 new modifications were detected during the previous four months (from October 2007 onwards).

The series of mass flash mailings which contain Diehard continue to disrupt mail traffic at least once a day, and it's always a new variant of the program which is sent out. If the percentages for all variants of this Trojan are added together, Diehard ranks higher than the actual leader of the Top Twenty, NetSky.q.

In general, the rankings have remained relatively stable. The second new entrant to this month’s Top Twenty is another downloader program, Trojan-Downloader.Win32.Small.hsl. This program made it into fifth place straight away, and this may indicate that another dangerous new family will start figuring in our statistics in the near future.

Interestingly, of the four families of malicious code which are currently causing epidemics, only Diehard and Bagle are present in the rankings. Their two competitors, Zhelatin and Warezov, appear to be taking something of a break. However, Zhelatin did take advantage of Valentine’s Day when the latest versions of this malicious program were mass mailed.

Other malicious programs made up a moderate percentage (5.12%) of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation.

The total percentage of infected messages in mail traffic detected by Kaspersky Lab scanning and analysis methods was 0.61%.

The top twenty countries which acted as sources of infected messages in February are shown in the table below:

| Position | Country | Percentage |
|---|---|---|
| 1 | UNITED STATES | 13.30 |
| 2 | S.KOREA | 7.88 |
| 3 | INDIA | 6.05 |
| 4 | CHINA | 5.75 |
| 5 | UNITED KINGDOM | 4.66 |
| 6 | GERMANY | 4.58 |
| 7 | SPAIN | 3.18 |
| 8 | POLAND | 2.50 |
| 9 | BRAZIL | 2.45 |
| 10 | JAPAN | 2.29 |
| 11 | FRANCE | 2.19 |
| 12 | TURKEY | 2.12 |
| 13 | ITALY | 2.07 |
| 14 | RUSSIAN FEDERATION | 2.00 |
| 15 | PAKISTAN | 1.94 |
| 16 | AUSTRALIA | 1.82 |
| 17 | CANADA | 1.46 |
| 18 | NETHERLANDS | 1.38 |
| 19 | ROMANIA | 1.37 |
| 20 | UNITED ARAB EMIRATES | 1.34 |
| | Other countries | 29.67 |

  1. New: Trojan-Downloader.Win32.Diehard.ez, Trojan-Downloader.Win32.Small.hsl
  2. Went up: Email-Worm.Win32.Bagle.gt, NetSky.d, Email-Worm.Win32.Mytob.q, Email-Worm.Win32.Mydoom.l, Net-Worm.Win32.Mytob.t
  3. Went down: Email-Worm.Win32.Nyxem.e, Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.NetSky.y, Net-Worm.Win32.Mytob.w, Email-Worm.Win32.Bagle.gen, Email-Worm.Win32.Scano.bn
  4. Re-entry: Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Mydoom.m, Net-Worm.Win32.Mytob.bi, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.c
