Virus Top Twenty for August 2007

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | Up | Email-Worm.Win32.NetSky.q | Trojan.generic | 21.28 |
| 2 | Up +1 | | Trojan.generic | 12.96 |
| 3 | Up | Email-Worm.Win32.NetSky.aa | Trojan.generic | 9.26 |
| 4 | Up | Net-Worm.Win32.Mytob.c | Trojan.generic | 8.97 |
| 5 | No Change | Worm.Win32.Feebs.gen | Hidden Data Sending | 6.03 |
| 6 | Up | Email-Worm.Win32.Mydoom.l | Trojan.generic | 4.93 |
| 7 | Down | Email-Worm.Win32.NetSky.t | Trojan.generic | 4.81 |
| 8 | Up +2 | Exploit.Win32.IMG-WMF.y | WMF* | 3.52 |
| 9 | Up +4 | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 3.22 |
| 10 | Up | Email-Worm.Win32.NetSky.b | Trojan.generic | 2.65 |
| 11 | Up +1 | Email-Worm.Win32.NetSky.x | Trojan.generic | 2.43 |
| 12 | Up +5 | Email-Worm.Win32.Scano.gen | Trojan.generic | 2.12 |
| 13 | Up +1 | Net-Worm.Win32.Mytob.u | Worm.P2P.generic | 1.59 |
| 14 | New! | Trojan-Downloader.Win32.Agent.brk | Hidden object | 1.58 |
| 15 | No Change | Email-Worm.Win32.Mydoom.m | Trojan.generic | 1.49 |
| 16 | New! | Email-Worm.Win32.Womble.a | Trojan.generic | 1.38 |
| 17 | Down | Email-Worm.Win32.Womble.d | Trojan.generic | 1.27 |
| 18 | Return | Net-Worm.Win32.Mytob.dam | [Damaged] | 0.94 |
| 19 | Return | | Trojan.generic | 0.91 |
| 20 | Down | Virus.Win32.Grum.a | Virus** | 0.90 |
| | | Other malicious programs | | 7.76 |

* — a file in the WMF graphics format.

** — The PDM module is not intended for combating classic computer viruses.


August once again turned out to be “dead season” for virus epidemics in 2007. Since August 2003, when the Lovesan worm caused the biggest epidemic in history, the final month of summer has typically been the quietest and most uneventful, as it is a period when both virus writers and antivirus professionals often go on holiday.

Even the waves of mass-mailings sent out by the Warezov and Zhelatin worms were missing in action in August., the leader in July, disappeared suddenly from our virus radar screens. However, it’s worth remembering that the launching pad for was created back in May by Trojan-Downloader.Win32.Agent.bcs. August’s Top Twenty features a new program used to create botnets and the conditions for new epidemics: Trojan-Downloader.Win32.Agent.brk. It looks as though a significant new outbreak of email threats will strike in September.

As usual, as new malicious programs that previously took the lead begin to fade or even disappear, the top positions in our rankings are once again taken by old malware. In August, NetSky.q took first place yet again. A three-and-a-half year lifespan has not had any apparent effect on the widespread impact of this worm, and antivirus companies are left wondering just what else they have to do to exterminate this Internet pest.

Meanwhile, the Womble family of worms continues its unusual increase in mail traffic. In July, Exploit.Win32.IMG-WMF.y climbed seven positions, and inched up another two places in August, finally making it into the Top Ten (in eighth place). IMG-WMF.y is a component used in all Womble worms and it brought Womble.d up the ratings in July, with Womble.a joining these two programs in August. All these worms were detected a year ago in August 2006, but they have only just recently managed to make waves in mail traffic.

Last month Scano.gen made a Top 20 comeback, and made the most gains of all malicious programs in August, rising a full five positions to twelfth place. Scano.gen may end up following in the footsteps of another very similar worm, Feebs.gen, which rose to the top in the very same way and has been holding strong in fifth place for two months now.

Other malicious programs made up 7.76% of all malicious code in mail traffic, indicating that there is still a relatively large number of other worm and Trojan families in circulation.

  • New: Email-Worm.Win32.Womble.a, Trojan-Downloader.Win32.Agent.brk
  • Moved up: Email-Worm.Win32.NetSky.q,, Email-Worm.Win32.NetSky.aa, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.Mydoom.l, Exploit.Win32.IMG-WMF.y, Net-Worm.Win32.Mytob.t, Email-Worm.Win32.NetSky.b, Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Scano.gen, Net-Worm.Win32.Mytob.u
  • Moved down: Email-Worm.Win32.NetSky.t, Email-Worm.Win32.Womble.d, Virus.Win32.Grum.a
  • Re-entry: Net-Worm.Win32.Mytob.dam,
