Virus Top 20 for February 2008

Position	Change in position	Name	Proactive Detection Flag	Percentage
1	0	Email-Worm.Win32.NetSky.q	Trojan.generic	35.57
2	+1	Email-Worm.Win32.Bagle.gt	Trojan.generic	6.49
3	-1	Email-Worm.Win32.Nyxem.e	Trojan.generic	6.47
4	+4	Email-Worm.Win32.NetSky.d	Trojan.generic	6.04
5	New	Trojan-Downloader.Win32.Small.hsl	(downloader)	5.71
6	+5	Net-Worm.Win32.Mytob.q	Worm.P2P.generic	5.62
7	-3	Email-Worm.Win32.NetSky.aa	Trojan.generic	5.15
8	-3	Email-Worm.Win32.Scano.gen	Trojan.generic	3.88
9	Return	Email-Worm.Win32.NetSky.x	Trojan.generic	3.56
10	+7	Email-Worm.Win32.Mydoom.l	Worm.P2P.generic	2.83
11	Return	Email-Worm.Win32.Mydoom.m	Trojan.generic	2.52
12	New	Trojan-Downloader.Win32.Diehard.ez	Hidden object	2.06
13	-1	Email-Worm.Win32.NetSky.y	Trojan.generic	1.94
14	-5	Net-Worm.Win32.Mytob.w	Worm.P2P.generic	1.47
15	+1	Net-Worm.Win32.Mytob.t	Worm.P2P.generic	1.43
16	Return	Net-Worm.Win32.Mytob.bi	Trojan.generic	1.21
17	-3	Email-Worm.Win32.Bagle.gen	Trojan.generic	1.19
18	Return	Net-Worm.Win32.Mytob.c	Trojan.generic	0.60
19	-1	Email-Worm.Win32.Scano.bn	Trojan.generic	0.58
20	Return	Email-Worm.Win32.NetSky.c	Trojan.generic	0.56
Other malicious programs				5.12
Percentage of infected messages in mail traffic				0.61

The statistics resulting from our scanning of mail traffic in February 2008 were slightly different to data from the first month of the year.

Although the Trojan-Downloader program, Diehard, is continuing to cause significant outbreaks, this isn’t reflected in the rankings.

There were four variants of this program in the January Top Twenty. In February, these four were replaced by a single new version which occupies twelfth place; however, this does not mean that the battle against Diehard is over. The number of programs in this family continued to rise rapidly in February, with approximately 50 new modifications being detected over the course of the month. In comparison, only 100 new modifications were detected during the previous four months (from October 2007 onwards).

The series of mass flash mailings which contain Diehard continue to disrupt mail traffic at least once a day, and it’s always a new variant of the program which is sent out. If the percentages for all variants of this Trojan are added together, in percentage terms Diehard ranks higher than the actual leader of the Top Twenty, NetSky.q.

In general, the rankings have remained relatively stable. The second new entrant to this month’s Top Twenty is another downloader program, Trojan-Downloader.Win32.Small.hsl. This program made it into fifth place straight away, and this may indicate that another dangerous new family will start figuring in our statistics in the near future.

Interestingly, of the four families of malicious code which are currently causing epidemics, only Diehard and Bagle are present in the rankings. Their two competitors, Zhelatin and Warezov, appear to be taking something of a break. However, Zhelatin did take advantage of Valentine’s Day when the latest versions of this malicious program were mass mailed.

Other malicious programs made up a moderate percentage (5.12%) of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation.

The total percentage of infected messages in mail traffic detected by Kaspersky Lab scanning and analysis methods was 0.61%.

The twenty top countries which act as sources for infected messages in February are shown in the table below: