Virus Top Twenty for July 2007

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | New | Email-Worm.Win32.Warezov.pk | not detected – Downloader* | 22.72 |
| 2 | -1 | Email-Worm.Win32.NetSky.q | Trojan.generic | 14.22 |
| 3 | -1 | Email-Worm.Win32.Bagle.gt | Trojan.generic | 8.67 |
| 4 | -1 | Email-Worm.Win32.NetSky.t | Trojan.generic | 6.79 |
| 5 | +1 | Worm.Win32.Feebs.gen | Hidden Data Sending | 6.47 |
| 6 | -2 | Email-Worm.Win32.NetSky.aa | Trojan.generic | 6.22 |
| 7 | 0 | Net-Worm.Win32.Mytob.c | Trojan.generic | 4.04 |
| 8 | +2 | Email-Worm.Win32.Mydoom.l | Trojan.generic | 3.57 |
| 9 | +2 | Email-Worm.Win32.Nyxem.e | Trojan.generic | 3.3 |
| 10 | +7 | Exploit.Win32.IMG-WMF.y | ** | 2.58 |
| 11 | +1 | Email-Worm.Win32.NetSky.b | Trojan.generic | 2.57 |
| 12 | +7 | Email-Worm.Win32.NetSky.x | Trojan.generic | 1.60 |
| 13 | +3 | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.53 |
| 14 | +4 | Net-Worm.Win32.Mytob.u | Worm.P2P.generic | 1.34 |
| 15 | Return | Email-Worm.Win32.Mydoom.m | Trojan.generic | 1.23 |
| 16 | New | Email-Worm.Win32.Womble.d | Trojan.generic | 1.21 |
| 17 | Return | Email-Worm.Win32.Scano.gen | Trojan.generic | 1.20 |
| 18 | Return | Email-Worm.Win32.Zhelatin.dam | [Damaged] | 1.00 |
| 19 | -6 | Virus.Win32.Grum.a | not detected – Virus*** | 0.92 |
| 20 | Return | Email-Worm.Win32.LovGate.w | Trojan.generic | 0.62 |
| | | Other malicious programs | | 8.12 |
 
* — Downloader, results in an error if the file is missing from the site.

** — a file in the WMF graphics format.

*** — The PDM module is not intended for combating classic computer viruses.

 

The activity of the botnet that was created in May via the Agent.bqs Trojan was only reaching its “design capacity” in June; by July it was in full swing. Another member of the Warezov family, which is distributed by this zombie network, reached the top position on the chart, accounting for 22% of the malicious code in mail traffic.

Although there were 4 Warezov variants in our June rankings and only one on our July charts, this does not mean that the threat has abated. On the contrary, the top position achieved in July will be followed by more spam-and-virus mailings, which in a few months will probably culminate in another “Warezov madness” comparable to the one that took place in October 2006, when we detected more than twenty new variants of the worm every day.

Veterans of the virus scene, NetSky.q and .t, have each moved one position down, but in percentage terms their presence in mail traffic has remained almost at the same level as last month – 14% and 16% respectively. Bagle.gt has also moved one position down but remained one of the top three malicious programs.

On the whole, despite the blast-off of Warezov.pk, which was first detected on June 26 and peaked in early July, the situation remains stable (it is actually quite rare for the rankings to be so stable, with Warezov.pk being one of only two newcomers to the Top Twenty). The conditions are not favorable for new global epidemics, so the main threat is posed by local attacks targeting users from individual countries.

In general, in the top fifteen positions of the chart there was some shifting among old worms. The most significant growth in July (+7 positions) was demonstrated by Exploit.Win32.IMG-WMF.y. There is a good reason for this: the second newcomer in our ranking, the Womble.d mail worm, uses this exploit as one of its methods of spreading. This is a relatively old worm, “released” in September 2006, but it is only now that it has managed to spread noticeably.

It is worth mentioning that Scano.gen and LovGate.w are back in our Top Twenty charts, though these worms are unlikely to make much of an impact in the coming months. Also noteworthy is the return appearance of the Zhelatin.dam variant, which may be an indication that this family is not going away any time soon.

Other malicious programs made up 8.12% of all malicious code in mail traffic, indicating that there is still a relatively large number of other worm and Trojan families in circulation.

Summary:

  • New: Email-Worm.Win32.Warezov.pk, Email-Worm.Win32.Womble.d
  • Moved up: Worm.Win32.Feebs.gen, Email-Worm.Win32.Mydoom.l, Email-Worm.Win32.Nyxem.e, Exploit.Win32.IMG-WMF.y, Email-Worm.Win32.NetSky.b, Email-Worm.Win32.NetSky.x, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.Mytob.u
  • Moved down: Email-Worm.Win32.NetSky.q, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.NetSky.t, Email-Worm.Win32.NetSky.aa, Virus.Win32.Grum.a
  • Re-entry: Email-Worm.Win32.Mydoom.m, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.Zhelatin.dam, Email-Worm.Win32.LovGate.w
