Malware reports

Virus Top Twenty for March 2006

Position Change in position Name Percentage
1. No Change
0
Net-Worm.Win32.Mytob.c 32.97
2. Up
+2
Email-Worm.Win32.NetSky.t 10.89
3. Down
-1
Email-Worm.Win32.LovGate.w 9.07
4. Up
+1
Email-Worm.Win32.NetSky.b 4.31
5. Up
+2
Net-Worm.Win32.Mytob.u 3.34
6. Up
+6
Email-Worm.Win32.Zafi.b 3.08
7. Up
+2
Email-Worm.Win32.NetSky.q 2.68
8. No Change
0
Net-Worm.Win32.Mytob.q 2.61
9. Up
+1
Net-Worm.Win32.Mytob.t 2.54
10. Up
+5
Email-Worm.Win32.LovGate.ae 2.40
11. No Change
0
Net-Worm.Win32.Mytob.a 2.17
12. Down
-9
Email-Worm.Win32.Zafi.d 1.95
13. New!
New
Email-Worm.Win32.LovGate.ad 1.75
14. No Change
0
Email-Worm.Win32.NetSky.y 1.57
15. Return
Return
Net-Worm.Win32.Mytob.w 1.07
16. Return
Return
Net-Worm.Win32.Mytob.h 0.99
17. Down
-1
Net-Worm.Win32.Mytob.y 0.97
18. Up
+2
Net-Worm.Win32.Mytob.x 0.90
19. New!
New
Email-Worm.Win32.LovGate.ah 0.88
20. Down
-1
Net-Worm.Win32.Mytob.ar 0.83
Other malicious programs 33.13

After all the changes to the rankings which took place in February, (5 re-entries and one new malicious program), March was far calmer. There were no significant outbreaks, let alone epidemics. The most interesting newcomer of February, Bagle.fj, which reached 6th place in February, dropped from view in March.

However, the names at the top of the table have changed. Although Mytob.c is still in first place, NetSky.t, which was in fourth place a month ago, is now in 2nd place. This is the highest the worm has climbed since it appeared in the rankings: in February it rose by 15 positions, an absolute record over the past few months. March’s data shows that the February jump wasn’t a one-off burst of activity, since Netsky.t continued to rise. However, it’s likely that it has reached its peak, and we predict that it will slide down the rankings in future months.

Zafi.d, which headed the Top Twenty in January this year, and took third place in February, lost 9 places in March, ending up in 12th position. Zafi’s place has been taken by LovGate.w, which was in 2nd place last month. Overall, this family of worms has behaved with a remarkable lack of predictability over the last year. This month two representatives of this family are in the Top Twenty, and over the course of the year, Zafi variants have either headed the rankings, or been on the verge of disappearing off the bottom of the table. Over the last two months, Zafi has showed a considerable amount of movement, with Zafi.d moving downwards, and Zafi.b climbing 6 places, from 12th to 6th place.

The top ten malicious programs have also shown increased activity. Eight out of the ten worms present have changed their position in one way or another. In addition to Zafi.b, LovGate.ae also climbed 5 places to 10th place, having only last month returned from the wilderness.

LovGate remains one of the most puzzling worms – no LovGate variant has ever caused a major epidemic, and these worms receive little attention from the mass media. However, this month’s Top Twenty includes four LovGate variants – two from the previous month, and two new entrants. LovGate.w is a veteran of the rankings; LovGate.ae periodically appears and then disappears again, and LovGate.ad and .ah are both new this month.

Although LovGate variants are widespread in China and Korea, presumably due to their Asian origin, they do not present any real threat to American and European users.

Mytob variants occupy half of the entire Top Twenty. In January, Mytob.a gained 7 places, lost a place in February, and in March seems to have settled down in 11th place. Mytob.x, however, moves up and down the rankings, gaining 5 places in January, moving down 2 places in February, and back up again to its former position in March. This variant shows little stability, and it’s likely to disappear from the Top Twenty in April.

The tendency for worms which had already disappeared from the rankings to return was maintained in March, with Mytob.w and Mytob.h putting in a renewed appearance.

Other malicious programs made up a significant percentage (13.33%) of mail traffic, showing that a fairly large number of other worms and Trojans are circulating on the Internet.

Summary:

New LovGate.ad, LovGate.ah
Moved up NetSky.t, NetSky.b, Mytob.u, Zafi.b, NetSky.q, Mytob.t, LovGate.ae, Mytob.x
Moved down LovGate.w, Zafi.d, Mytob.y, Mytob.ar
Re-entry Mytob.w, Mytob.h

Virus Top Twenty for March 2006

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox