Malware reports

Virus Top Twenty for December 2003

Kaspersky Labs presents the Virus Top Twenty for December 2003

 

1+2 I-Worm.Swen
33.87%
2-1 I-Worm.Mimail.c
27.45%
3-1 I-Worm.Mimail.g
7.15%
4+1 I-Worm.Mimail.a
4.21%
5+9I-Worm.Tanatos.b
4.02%
6new I-Worm.Sober.c
3.45%
7-1 I-Worm.Klez.h
3.12%
8-1 I-Worm.Lentin.m
2.27%
9+2 I-Worm.Sobig.f
1.62%
10-2 I-Worm.Dumaru.a
1.17%
11+5 I-Worm.Mimail.j
1.14%
12re-entryMacro.Word97.Thus-based
0.84%
13re-entry Macro.Word97.Saver
0.81%
14re-entry I-Worm.Lentin.j
0.80%
15re-entry I-Worm.Lentin.o
0.70%
16re-entry Win32.FunLove.4070
0.51%
17+2 Backdoor.Agobot.3
0.46%
18re-entryI-Worm.Sobig.a
0.40%
19-1Worm.Win32.Lovesan
0.40%
20re-entryVBS.Redlof
0.35%
other malicious programs
5.27%

Position Change Name Percentage by occurrence

December’s top twenty most wide-spread malicious programs shows the return of the macro-viruses Saver and Thus, and the Windows file virus FunLove.4070. These viruses put an end to the trend of network worms dominating over viruses. This, together with the move up the table of Backdoor.Agobot and the return of VBS.Redlof, meant that classic malicious programs were able to take their worthy place in this month’s top twenty.

The top three changed slightly, with two worms from the Mimail family losing position to I-Worm.Swen.

Most interesting are the changes with worms from the Sober family. Variant A, which reached a peak of activity a month ago, taking fourth place, is nowhere to be seen in the top twenty. Its place has been taken by a new modification of the virus, Sober.C. Sober.C is currently only in 6th place, exactly as Sober.A was two months ago.

All expectations to the contrary, the worm Tanatos.b did not disappear, but consolidated its position. The peak of the epidemic was at the beginning of summer 2003, and in December the worm rose 9 places, making the top 5. This when only last month it lost 12 places, falling from 2nd to 14th place.

Sobig also underwent something of a reincarnation. Sobig.F was the absolute leader in 2003, gaining 2 positions in December, and its distant relative Sobig.A made it into the top twenty again, moving straight into 18th place.

Summary:

 

  • a new malicious program, the worm Sober.c, appeared in the top twenty.

 

 

 

  • Mimail.A, Tanatos.B, Sobig.F, Mimail.J, and Backdoor.Agobot all moved up in the ratings

 

 

 

  • Mimail.C, Mimail.G, Klez.H, Lentin.M, Dumaru.A and Lovesan lost ground

 

 

 

  • VBS.Redlof, two variants of Lentin, the macro viruses Thus and Saver, the virus FunLove.4070 and the worm Sobig.A all returned to the top twenty.

 

 

Virus Top Twenty for December 2003

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox