Virus Top 20 for January 2008

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | No change | Email-Worm.Win32.NetSky.q | Trojan.generic | 27.22 |
| 2 | Up | Email-Worm.Win32.Nyxem.e | Trojan.generic | 12.23 |
| 3 | Up (+3) | | Trojan.generic | 9.27 |
| 4 | Up | Email-Worm.Win32.NetSky.aa | Hidden object | 7.39 |
| 5 | No change | Email-Worm.Win32.Scano.gen | Trojan.generic | 6.19 |
| 6 | New | Trojan-Downloader.Win32.Diehard.dg | Hidden object | 4.32 |
| 7 | New | Trojan-Dropper.Win32.Small.bdj | Hidden object | 3.54 |
| 8 | Up | Email-Worm.Win32.NetSky.d | Trojan.generic | 2.92 |
| 9 | Re-entry | Net-Worm.Win32.Mytob.w | Worm.P2P.generic | 2.79 |
| 10 | New | Email-Worm.Win32.Warezov.yi | (downloader) | 2.50 |
| 11 | Re-entry | Net-Worm.Win32.Mytob.q | Worm.P2P.generic | 2.40 |
| 12 | Up | Email-Worm.Win32.NetSky.y | Trojan.generic | 2.10 |
| 13 | New | Trojan-Downloader.Win32.Diehard.dh | Hidden object | 1.98 |
| 14 | Up | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.69 |
| 15 | Re-entry | Email-Worm.Win32.NetSky.t | Trojan.generic | 1.40 |
| 16 | Up | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.26 |
| 17 | Down | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 1.16 |
| 18 | Down (-4) | | Trojan.generic | 0.97 |
| 19 | New | | Hidden object | 0.94 |
| 20 | New | | Hidden object | 0.90 |
| | | Other malicious programs | | 6.83 |


For the second month in a row, representatives of the new Trojan-Downloader family Diehard have been creating a considerable stir in mail traffic.

Our December 2007 Top Twenty contained three variants of this program; yet another variant has joined the rankings in the first month of 2008. The unknown authors are using exactly the same approach that made families such as Warezov and Zhelatin so successful two years ago – conducting a multitude of very short-lived mass-mailings. However, in contrast to Warezov, we’re not yet seeing ten new variants of Diehard every day.

All of this has a very interesting effect – older email worms end up occupying leading positions in the rankings. Two examples are NetSky.q, which seems to constantly head the Top Twenty, and Nyxem.e, which made it into second place in January. They are a constant presence in mail traffic, and it’s always the same variants. However, it’s not them that represent a real threat, but rather the short-lived widespread mass mailings of Trojans which they conduct.

On the other hand, Warezov shows no sign of disappearing. In December, a member of this family was in third place, and in January a different variant took tenth place.

Nyxem.e, and Netsky.aa have made a noticeable leap forward. They are taking up three out of the top four positions, while a mere two months ago, in November, they had only just managed to re-enter the rankings.

It’s interesting that Fraud.ay, a phishing attack which targets users of Yandex.Dengi, a Russian e-payment system, has disappeared from the Top Twenty. This malicious program first appeared in April last year, and started appearing more and more frequently in autumn and at the beginning of winter. The organizers of the attack didn’t waste their time and efforts attempting to evade antivirus and antispam filters – even the newest variants of phishing emails could be detected and intercepted without having to update antivirus databases.

It may happen that the attacks on Yandex will be repeated in the near future; phishing in mail traffic is likely to become much more significant in 2008. After all, the foundation for these attacks is the army of zombie computers created by Warezov and Diehard.

Other malicious programs made up 6.83% of all malicious code in mail traffic, indicating that there is still a significant number of other worm and Trojan families in circulation.


  • New: Trojan-Downloader.Win32.Diehard.dg, Trojan-Dropper.Win32.Small.bdj, Email-Worm.Win32.Warezov.yi, Trojan-Downloader.Win32.Diehard.dh,,
  • Went up: Email-Worm.Win32.Nyxem.e,, Netsky.aa, Email-Worm.Win32.NetSky.d, Email-Worm.Win32.NetSky.y, Email-Worm.Win32.Bagle.gen, Net-Worm.Win32.Mytob.t.
  • Went down:
  • Re-entry: Net-Worm.Win32.Mytob.w, Net-Worm.Win32.Mytob.q, Email-Worm.Win32.NetSky.t.
