Position | Change in position | Name | Proactive Detection Flag | Percentage |
1. | +1 |
Email-Worm.Win32.NetSky.q | Trojan.generic | 21.28 |
2. | +1 |
Email-Worm.Win32.Bagle.gt | Trojan.generic | 12.96 |
3. | +3 |
Email-Worm.Win32.NetSky.aa | Trojan.generic | 9.26 |
4. | +3 |
Net-Worm.Win32.Mytob.c | Trojan.generic | 8.97 |
5. | 0 |
Worm.Win32.Feebs.gen | Hidden Data Sending | 6.03 |
6. | +2 |
Email-Worm.Win32.Mydoom.l | Trojan.generic | 4.93 |
7. | -3 |
Email-Worm.Win32.NetSky.t | Trojan.generic | 4.81 |
8. | +2 | Exploit.Win32.IMG-WMF.y | WMF* | 3.52 |
9. | +4 | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 3.22 |
10. | +1 |
Email-Worm.Win32.NetSky.b | Trojan.generic | 2.65 |
11. | +1 | Email-Worm.Win32.NetSky.x | Trojan.generic | 2.43 |
12. | +5 | Email-Worm.Win32.Scano.gen | Trojan.generic | 2.12 |
13. | +1 | Net-Worm.Win32.Mytob.u | Worm.P2P.generic | 1.59 |
14. | New! |
Trojan-Downloader.Win32.Agent.brk | Hidden object | 1.58 |
15. | 0 |
Email-Worm.Win32.Mydoom.m | Trojan.generic | 1.49 |
16. | New! |
Email-Worm.Win32.Womble.a | Trojan.generic | 1.38 |
17. | -1 |
Email-Worm.Win32.Womble.d | Trojan.generic | 1.27 |
18. | Return |
Net-Worm.Win32.Mytob.dam | [Damaged] | 0.94 |
19. | Return |
Net-Worm.Win32.Mytob.bt | Trojan.generic | 0.91 |
20. | -1 |
Virus.Win32.Grum.a | Virus** | 0.90 |
Other malicious programs | 7.76 | |||
* — a file in the WMF graphics format. ** — The PDM module is not intended for combating classic computer viruses |
August once again turned out to be “dead season” for virus epidemics in 2007. Since August 2003, when the Lovesan worm caused the biggest epidemic in history, the final month of summer has typically been the quietest and most uneventful, as it is a period when both virus writers and antivirus professionals often go on holiday.
Even the waves of mass-mailings sent out by the Warezov and Zhelatin worms were missing in action in August. Warezov.pk, the leader in July, disappeared suddenly from our virus radar screens. However, it’s worth remembering that the launching pad for Warezov.pk was created back in May by Trojan-Downloader.Win32.Agent.bcs. August’s Top Twenty features a new program used to create botnets and the conditions for new epidemics: Trojan-Downloader.Win32.Agent.brk. It looks as though a significant new outbreak of email threats will be strike in September.
As usual, as new malicious programs that previously took the lead begin to fade or even disappear, the top positions in our rankings are once again taken by old malware. In August, NetSky.q took first place yet again. A three-and-a-half year lifespan has not had any apparent effect on the widespread impact of this worm, and antivirus companies are left wondering just what else they have to do to exterminate this Internet pest.
Meanwhile, the Womble family of worms continues its unusual increase in mail traffic. In July, Exploit.Win32.IMG-WMF.y climbed seven positions, and inched up another two places in August, finally making it into the Top Ten (in eighth place). IMG-WMF.y is a component used in all Womble worms and it brought Womble.d up the ratings in July, with Womble.a joining these two programs in August. All these worms were detected a year ago in August 2006, but they have only just recently managed to make waves in mail traffic.
Last month Scano.gen made a Top 20 comeback, and made the most gains of all malicious programs in August, rising a full five positions to twelfth place. Scano.gen may end up following in the footsteps of another very similar worm, Feebs.gen, which rose to the top in the very same way and has been holding strong in fifth place for two months now.
Other malicious programs made up 7.76% of all malicious code in mail traffic, indicating that there is still a relatively large number of other worm and Trojan families in circulation.
- New: Email-Worm.Win32.Womble.a, Trojan-Downloader.Win32.Agent.brk
- Moved up: Email-Worm.Win32.NetSky.q, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.NetSky.aa, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.Mydoom.l, Exploit.Win32.IMG-WMF.y, Net-Worm.Win32.Mytob.t, Email-Worm.Win32.NetSky.b, Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Scano.gen, Net-Worm.Win32.Mytob.u
- Moved down: Email-Worm.Win32.NetSky.t, Email-Worm.Win32.Womble.d, Virus.Win32.Grum.a
- Re-entry: Net-Worm.Win32.Mytob.dam, Net-Worm.Win32.Mytob.bt
Virus Top Twenty for August 2007