Malware reports

Virus Top 20 for January 2008

Position Change in position Name Proactive Detection Flag Percentage
1 top20_noch
0
Email-Worm.Win32.NetSky.q Trojan.generic 27.22
2 top20_up
+8
Email-Worm.Win32.Nyxem.e Trojan.generic 12.23
3 top20_up
+3
Email-Worm.Win32.Bagle.gt Trojan.generic 9.27
4 top20_up
+4
Email-Worm.Win32.NetSky.aa Hidden object 7.39
5 top20_noch
0
Email-Worm.Win32.Scano.gen Trojan.generic 6.19
6 top20_new
New
Trojan-Downloader.Win32.Diehard.dg Hidden object 4.32
7 top20_new
New
Trojan-Dropper.Win32.Small.bdj Hidden object 3.54
8 top20_up
+3
Email-Worm.Win32.NetSky.d Trojan.generic 2.92
9 top20_ret
Return
Net-Worm.Win32.Mytob.w Worm.P2P.generic 2.79
10 top20_new
New
Email-Worm.Win32.Warezov.yi (downloader) 2.50
11 top20_ret
Return
Net-Worm.Win32.Mytob.q Worm.P2P.generic 2.40
12 top20_up
+4
Email-Worm.Win32.NetSky.y Trojan.generic 2.10
13 top20_new
New
Trojan-Downloader.Win32.Diehard.dh Hidden object 1.98
14 top20_up
+1
Email-Worm.Win32.Bagle.gen Trojan.generic 1.69
15 top20_ret
Return
Email-Worm.Win32.NetSky.t Trojan.generic 1.40
16 top20_up
+4
Net-Worm.Win32.Mytob.t Worm.P2P.generic 1.26
17 top20_down
-4
Email-Worm.Win32.Mydoom.l Worm.P2P.generic 1.16
18 top20_down
-4
Email-Worm.Win32.Scano.bn Trojan.generic 0.97
19 top20_new
New
Trojan-Downloader.Win32.Diehard.dj Hidden object 0.94
20 top20_new
New
Trojan-Downloader.Win32.Diehard.dk Hidden object 0.90
Other malicious programs 6.83

 

For the second month in a row, representatives of the new Trojan-Downloader family Diehard have been creating a considerable stir in mail traffic.

Our December 2007 Top Twenty contain three variants of this program; yet another variant has joined the rankings in the first month of 2008. The unknown authors are using exactly the same approach which made families such as Warezov and Zhelatin so successful two years ago – conducting a multitude of very short lived mass-mailings. However, in contrast to Warezov, we’re not yet seeing ten new variants of Diehard every day.

All of this has a very interesting effect – older email worms end up occupying leading positions in the rankings. Two examples are NetSky.q, which seems to constantly head the Top Twenty, and Nyxem.e, which made it into second place in January. They are a constant presence in mail traffic, and it’s always the same variants. However, it’s not them that represent a real threat, but rather the short lived widespread mass mailings of Trojans which they conduct.

On the other hand, Warezov shows no sign of disappearing. In December, a member of this family was in third place, and in January a different variant took tenth place.

Nyxem.e, Bagle.gt and Netsky.aa have made a noticeable leap forward. They are taking up three out of the top four positions, while a mere two months ago, in November, they had only just managed to re-enter the rankings.

It’s interesting that Fraud.ay, a phishing attack which targets users of Yandex.Dengi, a Russian e-payment system, has disappeared from the Top Twenty. This malicious program first appeared in April last year, and started appearing more and more frequently in autumn and at the beginning of winter. The organizers of the attack didn’t waste their time and efforts attempting to evade antivirus and antispam filters – even the newest variants of phishing emails could be detected and intercepted without having to update antivirus databases.

It may happen that the attacks on Yandex will be repeated in the near future; phishing in mail traffic is likely to become much more significant in 2008. After all, the foundation for these attacks is the army of zombie computers created by Warezov and Diehard.

Other malicious programs made up 6.83% of all malicious code in mail traffic, indicating that there is still a significant number of other worm and Trojan families in circulation.

Summary

  • New: Trojan-Downloader.Win32.Diehard.dg, Trojan-Dropper.Win32.Small.bdj, Email-Worm.Win32.Warezov.yi, Trojan-Downloader.Win32.Diehard.dh, Trojan-Downloader.Win32.Diehard.dj, Trojan-Downloader.Win32.Diehard.dk.
  • Went up: Email-Worm.Win32.Nyxem.e, Bagle.gt, Netsky.aa, Email-Worm.Win32.NetSky.d, Email-Worm.Win32.NetSky.y, Email-Worm.Win32.Bagle.gen, Net-Worm.Win32.Mytob.t.
  • Went down: Email-Worm.Win32.Scano.bn.
  • Re-entry: Net-Worm.Win32.Mytob.w, Net-Worm.Win32.Mytob.q, mail-Worm.Win32.NetSky.t.

Virus Top 20 for January 2008

Your email address will not be published. Required fields are marked *

 

Reports

How to catch a wild triangle

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Subscribe to our weekly e-mails

The hottest research right in your inbox