Virus Top 20 for February 2008

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | No change | Email-Worm.Win32.NetSky.q | Trojan.generic | 35.57 |
| 2 | Up (+1) | | Trojan.generic | 6.49 |
| 3 | Down | Email-Worm.Win32.Nyxem.e | Trojan.generic | 6.47 |
| 4 | Up | Email-Worm.Win32.NetSky.d | Trojan.generic | 6.04 |
| 5 | New | Trojan-Downloader.Win32.Small.hsl | (downloader) | 5.71 |
| 6 | Up | Net-Worm.Win32.Mytob.q | Worm.P2P.generic | 5.62 |
| 7 | Down | Email-Worm.Win32.NetSky.aa | Trojan.generic | 5.15 |
| 8 | Down | Email-Worm.Win32.Scano.gen | Trojan.generic | 3.88 |
| 9 | Return | Email-Worm.Win32.NetSky.x | Trojan.generic | 3.56 |
| 10 | Up | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 2.83 |
| 11 | Return | Email-Worm.Win32.Mydoom.m | Trojan.generic | 2.52 |
| 12 | New | Trojan-Downloader.Win32.Diehard.ez | Hidden object | 2.06 |
| 13 | Down | Email-Worm.Win32.NetSky.y | Trojan.generic | 1.94 |
| 14 | Down | Net-Worm.Win32.Mytob.w | Worm.P2P.generic | 1.47 |
| 15 | Up | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.43 |
| 16 | Return | | Trojan.generic | 1.21 |
| 17 | Down | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.19 |
| 18 | Return | Net-Worm.Win32.Mytob.c | Trojan.generic | 0.60 |
| 19 | Down (-1) | | Trojan.generic | 0.58 |
| 20 | Return | Email-Worm.Win32.NetSky.c | Trojan.generic | 0.56 |
| | | Other malicious programs | | 5.12 |
| | | Percentage of infected messages in mail traffic | | 0.61 |


The statistics resulting from our scanning of mail traffic in February 2008 were slightly different to data from the first month of the year.

Although the Trojan-Downloader program, Diehard, is continuing to cause significant outbreaks, this isn’t reflected in the rankings.

There were four variants of this program in the January Top Twenty. In February, these four were replaced by a single new version which occupies twelfth place; however, this does not mean that the battle against Diehard is over. The number of programs in this family continued to rise rapidly in February, with approximately 50 new modifications being detected over the course of the month. In comparison, only 100 new modifications were detected during the previous four months (from October 2007 onwards).

The series of mass flash mailings which contain Diehard continue to disrupt mail traffic at least once a day, and it’s always a new variant of the program which is sent out. If the percentages for all variants of this Trojan are added together, Diehard ranks higher than the actual leader of the Top Twenty, NetSky.q.

In general, the rankings have remained relatively stable. The second new entrant to this month’s Top Twenty is another downloader program, Trojan-Downloader.Win32.Small.hsl. This program made it into fifth place straight away, and this may indicate that another dangerous new family will start figuring in our statistics in the near future.

Interestingly, of the four families of malicious code which are currently causing epidemics, only Diehard and Bagle are present in the rankings. Their two competitors, Zhelatin and Warezov, appear to be taking something of a break. However, Zhelatin did take advantage of Valentine’s Day when the latest versions of this malicious program were mass mailed.

Other malicious programs made up a moderate percentage (5.12%) of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation.

The total percentage of infected messages in mail traffic detected by Kaspersky Lab scanning and analysis methods was 0.61%.

The twenty top countries which act as sources for infected messages in February are shown in the table below:

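| Position | Country | Percentage |
|---|---|---|
| 2 | S.KOREA | 7.88 |
| 3 | INDIA | 6.05 |
| 4 | CHINA | 5.75 |
| 6 | GERMANY | 4.58 |
| 7 | SPAIN | 3.18 |
| 8 | POLAND | 2.50 |
| 9 | BRAZIL | 2.45 |
| 10 | JAPAN | 2.29 |
| 11 | FRANCE | 2.19 |
| 12 | TURKEY | 2.12 |
| 13 | ITALY | 2.07 |
| 15 | PAKISTAN | 1.94 |
| 17 | CANADA | 1.46 |
| 19 | ROMANIA | 1.37 |
| | Other countries | 29.67 |
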
  1. New: Trojan-Downloader.Win32.Diehard.ez, Trojan-Downloader.Win32.Small.hsl
  2. Went up: NetSky.d, Email-Worm.Win32.Mytob.q, Email-Worm.Win32.Mydoom.l, Net-Worm.Win32.Mytob.t
  3. Went down: Email-Worm.Win32.Nyxem.e, Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.NetSky.y, Net-Worm.Win32.Mytob.w, Email-Worm.Win32.Bagle.gen
  4. Re-entry: Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Mydoom.m, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.c
