Virus Top Twenty for April 2004

| Position | Change in position | Name | Percentage by occurrence (%) |
|---|---|---|---|
| 1 | 0 | I-Worm.Netsky.b | 36.42% |
| 2 | +3 | I-Worm.Netsky.q | 18.64% |
| 3 | new | I-Worm.Netsky.t | 12.32% |
| 4 | -2 | I-Worm.Mydoom.a | 5.92% |
| 5 | -3 | I-Worm.Netsky.d | 5.01% |
| 6 | new | I-Worm.Netsky.aa | 3.26% |
| 7 | -3 | I-Worm.Mydoom.e | 2.30% |
| 8 | new | I-Worm.Netsky.r | 2.15% |
| 9 | new | I-Worm.Netsky.y | 2.03% |
| 10 | -4 | I-Worm.Swen | 1.62% |
| 11 | -3 | I-Worm.Mydoom.g | 1.51% |
| 12 | -3 | I-Worm.Netsky.c | 1.13% |
| 13 | -3 | I-Worm.Bagle.i | 0.60% |
| 14 | new | I-Worm.LovGate.w | 0.59% |
| 15 | +2 | I-Worm.Lentin.v | 0.47% |
| 16 | new | I-Worm.Netsky.m | 0.46% |
| 17 | new | I-Worm.Netsky.o | 0.42% |
| 18 | -5 | I-Worm.Klez.h | 0.30% |
| 19 | -1 | I-Worm.Mimail.a | 0.26% |
| 20 | re-entry | I-Worm.Dumaru.a | 0.25% |
| | | Other malicious programs* | 4.34% |

\* not included in the Top Twenty

April 2004 turned out to be a quiet month, relatively speaking. Relative, that is, to March 2004, the worst month in computer virus history to date. In April, Netsky won the new variants sweepstakes, whereas Bagle won in March. Six new Netsky variants pushed Bagle.i down to a mere 13th place. In fact, it’s fair to say that Netsky seems to have won the virus war conducted so fiercely by the Bagle and Netsky authors in February and March.

However, he who laughs last, laughs best: the arrest of the 18-year-old German coder claiming to be the author of the Netsky worms may mean that Bagle still has a chance to have the last laugh in the virus wars. Not an optimistic scenario for the computing community, but certainly a possibility. In the meantime, not only did Netsky.b manage to retain first place in April, as in March, but Netsky variants also took second and third place.

The Mydoom worms are continuing to slip in the ratings, both falling 3-4 places. We may see one or both disappear in the May ratings. Swen, one of last year’s favourites, is surprisingly enough still in the top 10. Sadly, this confirms the success of the social engineering implemented by the author – Swen arrives disguised as a ‘hot update’ from Microsoft and people are still falling for this trick.

It is interesting to note that Lentin.v, first detected in December 2003, is creeping up in the ratings, moving from 17th to 15th place. Lentin.v and the newcomer LovGate.w (in 14th place) demonstrate that classic propagation methods do still work.

Klez.h is simply amazing! The worm was detected exactly two years ago and has been in the top twenty ever since. We can only guess at how many computers have been infected over these two years, but the figure must by now be in the millions.

And finally, we have Dumaru and Mimail. Only the very first variants of both worms remain in the top twenty. Netsky has scored again here, since Netsky removes Mimail variants and other viruses from infected systems.

This month other malicious programs made up a significant proportion of overall traffic. On the other hand, we registered only a little over 500 different types of malware, i.e. fewer than half the number detected in March.


New entries: 6 Netsky variants and LovGate.w

Moved up: Netsky.q and Lentin.v

Moved down: Mydoom.a, Netsky.d, Mydoom.e, Swen, Mydoom.g, Netsky.c, Bagle.i, Klez.h and Mimail.a
