Virus Top Twenty for January 2006

| Position | Change in position | Name | Percentage |
|---|---|---|---|
| 1. | 0 | Email-Worm.Win32.Zafi.d | 29.52 |
| 2. | No Change 0 | Net-Worm.Win32.Mytob.c | 22.62 |
| 3. | No Change 0 | Email-Worm.Win32.LovGate.w | 6.25 |
| 4. | Up +2 | Email-Worm.Win32.NetSky.b | 3.89 |
| 5. | No Change 0 | Email-Worm.Win32.Zafi.b | 2.64 |
| 6. | Up +3 | Net-Worm.Win32.Mytob.u | 2.62 |
| 7. | Up +1 | Net-Worm.Win32.Mytob.t | 2.51 |
| 8. | Down -1 | Email-Worm.Win32.NetSky.q | 2.32 |
| 9. | Up +1 | Net-Worm.Win32.Mytob.q | 1.95 |
| 10. | Up +7 | Net-Worm.Win32.Mytob.a | 1.66 |
| 11. | Up +2 | Trojan-Spy.HTML.Bayfraud.hn | 1.43 |
| 12. | Up +3 | Email-Worm.Win32.NetSky.y | 1.29 |
| 13. | Down -1 | Net-Worm.Win32.Mytob.h | 1.24 |
| 14. | Return | Net-Worm.Win32.Mytob.bt | 1.15 |
| 15. | Up +5 | Net-Worm.Win32.Mytob.x | 1.09 |
| 16. | Return | Net-Worm.Win32.Mytob.v | 1.06 |
| 17. | Up +2 | Net-Worm.Win32.Mytob.y | 1.01 |
| 18. | Down -14 | Email-Worm.Win32.Sober.y | 0.93 |
| 19. | Return | Email-Worm.Win32.NetSky.t | 0.76 |
| 20. | Down -2 | Email-Worm.Win32.Bagle.dx | 0.69 |
| | | Other malicious programs | 17.37 |

2006 began in the same way that 2005 finished. There was limited activity at the top of the ratings in December, and January itself was a relatively peaceful month.

Although worms from the Feebs and Nyxem families did cause something of a stir in the mass media in January, none of these worms had a significant effect on the distribution of malicious code in mail traffic.

Zafi.b and Mytob.c continue to hold the first two places, with LovGate, an old friend, remaining in third place for the second month in a row.

In fact, there’s only been one change in the top five places: Sober.y fell from 4th to 18th place, a full 14 places. And this for a worm which attracted so much media coverage in December! The worm did not update itself on the night of the 5th/6th January, as it was programmed to do. This meant that the number of infected messages in traffic fell significantly.

The remainder of January’s ranking is relatively uninteresting, with the exception of the sharp rise exhibited by Mytob.a (up 7 places) and Mytob.x (up 5 places). In addition to this, two other members of the Mytob family managed to return to the rankings: Mytob.bt, in 14th place, and Mytob.v, in 16th place.

Phishing attacks remained popular in January, as the presence of Trojan-Spy.HTML.Bayfraud.hn shows. This surprisingly lively program has not only been in the ratings for two months (unique for phishing) but also rose by two places. This is, as far as we are aware, the first time a program mass mailed for phishing purposes rose so close to the Top Ten. Of course, we’re not talking about a one-off mass mailing here, but repeated attacks targeting eBay users over a period of several months.

Overall, January was one of the most peaceful months we’ve seen for a long time, with no significant outbreaks or full scale epidemics.

Other malicious programs made up 13.37% of all malicious code intercepted in mail traffic, showing that a significant number of worms and Trojans from other families are still in circulation.

Summary:

New: No new malicious programs
Moved up: NetSky.b, Mytob.u, Mytob.t, Mytob.q, Mytob.a, Bayfraud.hn, NetSky.y, Mytob.x, Mytob.y
Moved down: NetSky.q, Mytob.h, Sober.y, Bagle.dx
Re-entry: Mytob.bt, Mytob.v, NetSky.t
No change: Zafi.b, Zafi.d, Mytob.c, LovGate.w

We’ve decided to initially publish a full Top Twenty, including programs from the ‘not-a-virus’ malware class. However, in future we may take a different approach.

The second set of ratings is interesting, as it gives us a fuller picture of malware distribution. This is in contrast to the standard Top Twenty, which is based on mail traffic data.

The Online Top Twenty this month mostly contains Trojan programs. The majority of these programs are from the Trojan-Spy and Trojan-Downloader class. Feebs and Nyxem, which are mentioned above, but which didn’t make it into the mail traffic Top Twenty, are also present.

More detailed information will be published next month, when we’ve had a chance to get a clearer picture, and reached some conclusions having compared two months’ worth of data.
