Malware reports

Virus Top Twenty for August 2007

Position Change in position Name Proactive Detection Flag Percentage
1. Up
Email-Worm.Win32.NetSky.q Trojan.generic 21.28
2. Up
+1 Trojan.generic 12.96
3. Up
Email-Worm.Win32.NetSky.aa Trojan.generic 9.26
4. Up
Net-Worm.Win32.Mytob.c Trojan.generic 8.97
5. No Change
Worm.Win32.Feebs.gen Hidden Data Sending 6.03
6. Up
Email-Worm.Win32.Mydoom.l Trojan.generic 4.93
7. Down
Email-Worm.Win32.NetSky.t Trojan.generic 4.81
8. Up+2 Exploit.Win32.IMG-WMF.y WMF* 3.52
9. Up+4 Net-Worm.Win32.Mytob.t Worm.P2P.generic 3.22
10. Up
Email-Worm.Win32.NetSky.b Trojan.generic 2.65
11. Up+1 Email-Worm.Win32.NetSky.x Trojan.generic 2.43
12. Up+5 Email-Worm.Win32.Scano.gen Trojan.generic 2.12
13. Up+1 Net-Worm.Win32.Mytob.u Worm.P2P.generic 1.59
14. New!
Trojan-Downloader.Win32.Agent.brk Hidden object 1.58
15. No Change
Email-Worm.Win32.Mydoom.m Trojan.generic 1.49
16. New!
Email-Worm.Win32.Womble.a Trojan.generic 1.38
17. Down
Email-Worm.Win32.Womble.d Trojan.generic 1.27
18. Return
Net-Worm.Win32.Mytob.dam [Damaged] 0.94
19. Return
Return Trojan.generic 0.91
20. Down
Virus.Win32.Grum.a Virus** 0.90
Other malicious programs 7.76

* — a file in the WMF graphics format.

** — The PDM module is not intended for combating classic computer viruses


August once again turned out to be “dead season” for virus epidemics in 2007. Since August 2003, when the Lovesan worm caused the biggest epidemic in history, the final month of summer has typically been the quietest and most uneventful, as it is a period when both virus writers and antivirus professionals often go on holiday.

Even the waves of mass-mailings sent out by the Warezov and Zhelatin worms were missing in action in August., the leader in July, disappeared suddenly from our virus radar screens. However, it’s worth remembering that the launching pad for was created back in May by Trojan-Downloader.Win32.Agent.bcs. August’s Top Twenty features a new program used to create botnets and the conditions for new epidemics: Trojan-Downloader.Win32.Agent.brk. It looks as though a significant new outbreak of email threats will be strike in September.

As usual, as new malicious programs that previously took the lead begin to fade or even disappear, the top positions in our rankings are once again taken by old malware. In August, NetSky.q took first place yet again. A three-and-a-half year lifespan has not had any apparent effect on the widespread impact of this worm, and antivirus companies are left wondering just what else they have to do to exterminate this Internet pest.

Meanwhile, the Womble family of worms continues its unusual increase in mail traffic. In July, Exploit.Win32.IMG-WMF.y climbed seven positions, and inched up another two places in August, finally making it into the Top Ten (in eighth place). IMG-WMF.y is a component used in all Womble worms and it brought Womble.d up the ratings in July, with Womble.a joining these two programs in August. All these worms were detected a year ago in August 2006, but they have only just recently managed to make waves in mail traffic.

Last month Scano.gen made a Top 20 comeback, and made the most gains of all malicious programs in August, rising a full five positions to twelfth place. Scano.gen may end up following in the footsteps of another very similar worm, Feebs.gen, which rose to the top in the very same way and has been holding strong in fifth place for two months now.

Other malicious programs made up 7.76% of all malicious code in mail traffic, indicating that there is still a relatively large number of other worm and Trojan families in circulation.

  • New: Email-Worm.Win32.Womble.a, Trojan-Downloader.Win32.Agent.brk
  • Moved up: Email-Worm.Win32.NetSky.q,, Email-Worm.Win32.NetSky.aa, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.Mydoom.l, Exploit.Win32.IMG-WMF.y, Net-Worm.Win32.Mytob.t, Email-Worm.Win32.NetSky.b, Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Scano.gen, Net-Worm.Win32.Mytob.u
  • Moved down: Email-Worm.Win32.NetSky.t, Email-Worm.Win32.Womble.d, Virus.Win32.Grum.a
  • Re-entry: Net-Worm.Win32.Mytob.dam,

Virus Top Twenty for August 2007

Your email address will not be published. Required fields are marked *



APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox