Malware reports

Virus Top Twenty for September 2004

4-2I-Worm.Netsky.b9.63%

Position Change in position Name Percentage by occurrence
1 +3 I-Worm.Netsky.q 21.67%
2 -1 I-Worm.Netsky.aa 13.79%
3 +1 I-Worm.Zafi.b 12.70%
5 I-Worm.Mydoom.m 5.34%
6 +2 I-Worm.Bagle.z 4.86%
7 +2 I-Worm.Netsky.d 4.55%
8 new TrojanDownloader.JS.Gen 4.41%
9 -3 I-Worm.Netsky.t 2.51%
10 +1 I-Worm.Netsky.y 1.62%
11 -1 I-Worm.Lovgate.w 1.41%
12 new I-Worm.Bagle.as 1.35%
13 +2 I-Worm.Mydoom.l 1.11%
14 -2 I-Worm.Netsky.r 1.08%
15 new I-Worm.Mydoom.t 0.93%
16 +3 I-Worm.Bagle.gen 0.86%
17 re-entry I.Worm.Netsky.c 0.83%
18 -5 TrojanDropper.VBS.Zerolin 0.73%
19 new I-Worm.Bagle.ah 0.62%
20 new I-Worm.Mydoom.u 0.51%
Other malicious programs (not in the Top 20) 9.49%

This September we witnessed several outbreaks caused by new variants of our old enemies Bagle and Mydoom. Thankfully, we did not see any malware exploiting the JPEG vulnerability in MS Windows, despite dire predictions by some analysts that an outbreak was inevitable. In short, September resembled August, with only minor changes.

Just as in August, we see 5 new malicious programs in the ratings this month. And it’s more variations on the same theme: we had 3 new Mydoom variants and no Bagles in August, while in September they evened out with 2 new variants of each. TrojanDownloader.JS.Gen was the only truly new piece of malware in the ratings this month.

In the meantime, Netsky variants continue to dominate the top slots; changing places with each other, but not yielding to any other viruses. NetSky.q pushed aside NetSky.aa and took first place. Once again, the only malicious program to compete with the NetSky variants is Zafi. This Hungarian virus is maintaining a slow but steady downward pace, moving down to third place.

The Mydoom.m variant that appeared in August hung on to fifth place with the same occurrence rating.

The main newcomers this month are two Mydoom variants that appeared in the space of a single day. Bagle authors were not caught napping and brought their summer holidays to a close by releasing several new variants, which all used email and file-sharing networks to spread.

TrojanDownloader.JS.Gen is a catch all name for a huge number of Trojans written in Java Script. We group them together because they all have only one function – to download other malware from the Internet. This summer virus coders were placing such Trojans on websites, wheras in September we saw a new trend: using spammer techniques to mass mail malicious programs.
On the one hand, Bagle, LovGate and NetSky variants carry on creating a steady background of virus activity, moving insignificantly up and down in the ratings.

On the other hand, the old steadfasts Swen and Sobig.f have finally disappeared from the Top Twenty. In other words, September 2004 finally saw malware created in previous years vanish totally from the ratings: we now have only viruses created in 2004. Moreover, 16 out of 20 viruses in this month’s Top Twenty are worms from only three families. The only serious competion Bagle, NetSky and Mydoom variants face comes from Zafi and Lovgate.

Summary:

New viruses TrojanDownloader.JS.Gen, Bagle.as, Bagle.ah, Mydoom.t, Mydoom.u
Moved up: NetSky.q, Zafi.b, Bagle.z, NetSky.d, NetSky.y, Mydoom.l, Bagle.gen
Moved down Netsky.aa, NetSky.b, NetSky.t, LovGate.w, NetSky.r, TrojanDropper.VBS.Zerolin
No change Mydoom.m

Virus Top Twenty for September 2004

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox