Malware reports

Virus Top Twenty and Review for January 2003

Kaspersky Labs presents a review of computer virus activity for January 2003.

The Top Twenty Most Widespread Malicious Programs

The percentage shown represents the percentage of registered incidences.

position virus percentage by occurrence
1 I-Worm.Klez 16.65%
2 I-Worm.Lentin 8.75%
3 I-Worm.Sobig 6.57%
4 I-Worm.Avron 6.55%
5 Macro.Word97.Thus 5.17%
6 I-Worm.Hybris 3.13%
7 I-Worm.Roron 2.46%
8 I-Worm.Tanatos 1.92%
9 <!–!–> Backdoor.NetDevil 1.25%
11 I-Worm.Magistr 0.95%
12 Macro.Word97.Marker 0.95%
13 Worm.Win32.Opasoft 0.79%
15 Win95.CIH 0.72%
16 <!–!–>Trojan.Spy.SCKeyLog 0.71%
17 Backdoor.Death 0.67%
18 <!–!–>VBS.Redlof 0.66%
19 Win32.Elkern 0.66%
20 Win32.FunLove 0.65%
*Other Dangerous Programs *38.87%

*not counted among the 20 most widespread

This rating of the most widespread malicious programs does not reflect the noise created by the network worm “Helkern” at the end of January. The reason for this is the standard method used to gather statistics (counting user reports and data from public access e-mail systems) does not yield precise enough information to generate accurate research statistics. Governmental and commercial organizations alike prefer to not publicize episodes such as worms penetrating their networks. Additionally, monitoring e-mail traffic simply does not help improve the situation, as “Helkern” does not use e-mail to spread itself. Alternative sources for data, so called “honeypots” for catching malicious packets, also don’t lend accurate data in terms of the actual number of computer infections. In the end, the means at our disposal are only empirical methods for defining the scale of epidemics and are not applicable for compiling monthly virus ratings.

The most pessimistic estimations have “Helkern” infecting approximately eighty thousand computers the world over. If to compare this indicator with the virus statistics of the Top Twenty list for January, it is safe to say that the “Helkern” worm actually took first place, provoking nearly 50% of all January virus incidences.

Most January infections were caused by network worms (77.19 %), programs that can spread via the Internet (e-mail, Web-services, Internet messengers, IRC channels, etc.). In second place are computer viruses (16.33) – especially prominent were Macro viruses. Trojan programs (6.49%) occupy the third position. The data shows a break in the trend started toward the end of 2002, when network worms experienced a percentage decline. Although, it is important to note that “Helkern” did not register in the source data for this review. If it were factored into the top twenty the entire picture would undoubtedly change and the share held by network worms would jump to a whopping 90%.

Virus Top Twenty and Review for January 2003

Your email address will not be published. Required fields are marked *



APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox