Virus Top 20 for June 2008

Position	Change in position	Name	Proactive Detection Flag	Percentage
1.	0	Email-Worm.Win32.NetSky.q	Trojan.generic	34.15
2.	+2	Email-Worm.Win32.Nyxem.e	Trojan.generic	13.16
3.	-1	Email-Worm.Win32.NetSky.y	Trojan.generic	8.20
4.	+14	Net-Worm.Win32.Mytob.t	Worm.P2P.generic	5.40
5.	-2	Email-Worm.Win32.Scano.gen	Trojan.generic	3.89
6.	-1	Email-Worm.Win32.NetSky.d	Trojan.generic	3.62
7.	0	Email-Worm.Win32.NetSky.aa	Trojan.generic	3.01
8.	Return	Email-Worm.Win32.Mydoom.m	Trojan.generic	2.95
9.	+8	Email-Worm.Win32.Mydoom.l	Worm.P2P.generic	2.62
10.	+1	Net-Worm.Win32.Mytob.c	Trojan.generic	2.48
11.	-5	Email-Worm.Win32.NetSky.x	Trojan.generic	2.45
12.	-3	Email-Worm.Win32.Bagle.gt	Trojan.generic	2.42
13.	+1	Email-Worm.Win32.NetSky.t	Trojan.generic	2.14
14.	-2	Email-Worm.Win32.Bagle.gen	Trojan.generic	1.46
15.	-7	Email-Worm.Win32.NetSky.b	Trojan.generic	1.02
16.	New!	Net-Worm.Win32.Nimda	Invader	0.93
17.	New!	Trojan-Downloader.Win32.Injecter.ga	Invader	0.91
18.	-8	Net-Worm.Win32.Mytob.u	Trojan.generic	0.67
19.	New!	Exploit.Win32.IMG-WMF.y	(WMF exploit)	0.65
20.	New!	Email-Worm.Win32.LovGate.w	Trojan.generic	0.58
Other Malicious Programs				7.29

Summer vacation is in full swing. As a result, changes in the statistics for malicious programs in mail traffic are relatively small. Netsky and Nyxem, the long-standing leaders of the Top Twenty, have merely shifted their positions slightly.

The only meaningful change in the rankings is that Nimda, an old worm which first appeared back in 2001, has resurfaced. Nimda is a versatile worm that spreads not only via email, but also across network drives on local area networks. It also attempts to attack IIS servers on the network. This is a nasty piece of malicious code: it leaves the computer wide open to anyone by adding a Guest user to the Administrators group and making local disks accessible by other computers on the network.

It is also worth mentioning a newcomer to the rankings: Exploit.Win32.IMG-WMF.y. Exploits being sent by email pose a serious threat to users, as some email clients display media content without first prompting the user. This exposes the computer to automatic infection. The user doesn’t need to give permission for the attachment to be saved or run – the malicious code will execute automatically when the user views the message.

Other malicious programs made up a significant 7.29% of all malicious code found in mail traffic in June.

The Top Twenty countries which acted as sources of infected emails in June are shown below:

Position	Change	Country	Percentage
1	0	United States	18.95
2	+1	South Korea	7.97
3	+2	China	5.79
4	0	Spain	5.44
5	+3	Brazil	4.97
6	+1	Russia	4.41
7	+2	United Kingdom	4.28
8	-1	Germany	4.28
9	-3	France	3.86
10	-8	Poland	2.71
11	-1	India	2.65
12	-1	Italy	2.65
13	0	Japan	2.00
14	+4	Argentina	1.97
15	-3	Isreal	1.89
16	0	Turkey	1.49
17	-3	Canada	1.31
18	-3	The Netherlands	1.17
19	-2	Australia	1.16
20	New!	Ukraine	1.12
Other Countries			19.95

Summary

• New: Net-Worm.Win32.Nimda, Trojan-Downloader.Win32.Injecter.ga, Exploit.Win32.IMG-WMF.y, Email-Worm.Win32.LovGate.w.
• Moved up: Email-Worm.Win32.Nyxem.e, Net-Worm.Win32.Mytob.t, Email-Worm.Win32.Mydoom.l, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.t.
• Moved down: Email-Worm.Win32.NetSky.y, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.NetSky.d, Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.Bagle.gen, Email-Worm.Win32.NetSky.b, Net-Worm.Win32.Mytob.u.
• Returned: Email-Worm.Win32.Mydoom.m.
• No change: Email-Worm.Win32.NetSky.q, Email-Worm.Win32.NetSky.aa.