Malware reports

Virus Top Twenty for February 2006

| Position | Change in position | Name | Percentage |
|---|---|---|---|
| 1 | Up +1 | Net-Worm.Win32.Mytob.c | 33.38 |
| 2 | Up +1 | Email-Worm.Win32.LovGate.w | 8.07 |
| 3 | Down -2 | Email-Worm.Win32.Zafi.d | 5.87 |
| 4 | Up +3 | Email-Worm.Win32.NetSky.t | 5.09 |
| 5 | Down -1 | Email-Worm.Win32.NetSky.b | 4.77 |
| 6 | New! | Email-Worm.Win32.Bagle.fj | 4.68 |
| 7 | Down -1 | Net-Worm.Win32.Mytob.u | 3.88 |
| 8 | Up +1 | Net-Worm.Win32.Mytob.q | 3.36 |
| 9 | Down -1 | Email-Worm.Win32.NetSky.q | 2.69 |
| 10 | Down -3 | Net-Worm.Win32.Mytob.t | 2.58 |
| 11 | Down -1 | Net-Worm.Win32.Mytob.a | 2.23 |
| 12 | Down -7 | Email-Worm.Win32.Zafi.b | 1.58 |
| 13 | Return | Net-Worm.Win32.Mytob.j | 1.57 |
| 14 | Down -2 | Email-Worm.Win32.NetSky.y | 1.43 |
| 15 | Return | Email-Worm.Win32.LovGate.ae | 1.34 |
| 16 | Up +1 | Net-Worm.Win32.Mytob.y | 1.33 |
| 17 | Return | Net-Worm.Win32.Mytob.r | 0.95 |
| 18 | Return | Email-Worm.Win32.NetSky.x | 0.86 |
| 19 | Return | Net-Worm.Win32.Mytob.ar | 0.81 |
| 20 | Down -5 | Net-Worm.Win32.Mytob.x | 0.76 |
| | | Other malicious programs | 12.77 |

February 2006 was superficially far more peaceful than January, a month which brought considerable media coverage for the Nyxem.e and Feebs epidemics. However, in spite of the seeming calm, the virus landscape changed significantly in February.

Mytob.c, one of last year’s leaders, not only managed to return to first place, but significantly increased its presence in mail traffic, resulting in a share of 33% for this worm. This is almost four times as much as LovGate.w, a classic email worm which takes second place with 8%.

Overall, LovGate.w set a new personal best this month. This Asian worm, first detected in April 2004, had never managed to climb so high in the ratings before. It achieved second place mainly due to the thousands of infected computers in far Eastern countries such as China and Korea.

NetSky.t has been on the rise recently. Although it’s hard to say exactly why this unremarkable NetSky variant is showing an increased presence in mail traffic, the leap of 15 places it made in February is unprecedented over the last few months. March will show us whether this was a chance burst of activity, or the start of a trend.

Unquestionably, the latest Bagle variant was most guilty of disturbing the peace in February. Bagle.fj was spammed to millions of email addresses on 2nd February 2006 and over the course of the next few days became the most common worm in mail traffic. Although the worm’s activity is currently abating, the risk of infection remains high. Bagle’s authors have changed the approach they used over the last few months, where they spammed Bagle components (Trojan proxies and Trojan Downloaders). This time, a standard email worm was loosed upon computer users, although it did have additional functionality in being able to download files from compromised Internet sites.

The remainder of February’s rankings is less interesting. Mytob.a and Mytob.x, which showed significant activity in January, rising by 7 and 5 places respectively, reversed this trend, with Mytob.a dropping one place, and Mytob.x reverting to its December position.

However, one less than pleasant trend was maintained in February, with more and more worms returning to the rankings after several months’ absence. In January, the trend was represented by Mytob.v, Mytob.bt and NetSky.t. They have now been joined by another three worms from the Mytob family, and one each from the LovGate and NetSky families.

It’s worth stressing that both Sober, the most notorious worm of 2005, and Trojan-Spy.HTML.Bayfraud.hn (used in phishing attacks), which managed to stay in the ratings for two months and reached 11th place, dropped out of the rankings this month.

Other malicious programs made up a significant percentage (12.77%) of mail traffic, showing that a fairly large number of other worms and Trojans are still circulating on the Internet.

Summary:

New: Bagle.fj
Moved up: Mytob.c, LovGate.w, NetSky.t, Mytob.q, Mytob.y
Moved down: Zafi.d, NetSky.b, Mytob.u, NetSky.q, Mytob.t, Mytob.a, Zafi.b, NetSky.y, Mytob.x
Re-entry: Mytob.j, LovGate.ae, Mytob.r, NetSky.x, Mytob.ar
