Authors
4-2I-Worm.Netsky.b9.63%
| Position | Change in position | Name | Percentage by occurrence |
|---|---|---|---|
| 1 | +3 | I-Worm.Netsky.q | 21.67% |
| 2 | -1 | I-Worm.Netsky.aa | 13.79% |
| 3 | +1 | I-Worm.Zafi.b | 12.70% |
| 5 | – | I-Worm.Mydoom.m | 5.34% |
| 6 | +2 | I-Worm.Bagle.z | 4.86% |
| 7 | +2 | I-Worm.Netsky.d | 4.55% |
| 8 | new | TrojanDownloader.JS.Gen | 4.41% |
| 9 | -3 | I-Worm.Netsky.t | 2.51% |
| 10 | +1 | I-Worm.Netsky.y | 1.62% |
| 11 | -1 | I-Worm.Lovgate.w | 1.41% |
| 12 | new | I-Worm.Bagle.as | 1.35% |
| 13 | +2 | I-Worm.Mydoom.l | 1.11% |
| 14 | -2 | I-Worm.Netsky.r | 1.08% |
| 15 | new | I-Worm.Mydoom.t | 0.93% |
| 16 | +3 | I-Worm.Bagle.gen | 0.86% |
| 17 | re-entry | I.Worm.Netsky.c | 0.83% |
| 18 | -5 | TrojanDropper.VBS.Zerolin | 0.73% |
| 19 | new | I-Worm.Bagle.ah | 0.62% |
| 20 | new | I-Worm.Mydoom.u | 0.51% |
| Other malicious programs (not in the Top 20) | 9.49% | ||
This September we witnessed several outbreaks caused by new variants of our old enemies Bagle and Mydoom. Thankfully, we did not see any malware exploiting the JPEG vulnerability in MS Windows, despite dire predictions by some analysts that an outbreak was inevitable. In short, September resembled August, with only minor changes.
Just as in August, we see 5 new malicious programs in the ratings this month. And it’s more variations on the same theme: we had 3 new Mydoom variants and no Bagles in August, while in September they evened out with 2 new variants of each. TrojanDownloader.JS.Gen was the only truly new piece of malware in the ratings this month.
In the meantime, Netsky variants continue to dominate the top slots; changing places with each other, but not yielding to any other viruses. NetSky.q pushed aside NetSky.aa and took first place. Once again, the only malicious program to compete with the NetSky variants is Zafi. This Hungarian virus is maintaining a slow but steady downward pace, moving down to third place.
The Mydoom.m variant that appeared in August hung on to fifth place with the same occurrence rating.
The main newcomers this month are two Mydoom variants that appeared in the space of a single day. Bagle authors were not caught napping and brought their summer holidays to a close by releasing several new variants, which all used email and file-sharing networks to spread.
TrojanDownloader.JS.Gen is a catch all name for a huge number of Trojans written in Java Script. We group them together because they all have only one function – to download other malware from the Internet. This summer virus coders were placing such Trojans on websites, wheras in September we saw a new trend: using spammer techniques to mass mail malicious programs.
On the one hand, Bagle, LovGate and NetSky variants carry on creating a steady background of virus activity, moving insignificantly up and down in the ratings.
On the other hand, the old steadfasts Swen and Sobig.f have finally disappeared from the Top Twenty. In other words, September 2004 finally saw malware created in previous years vanish totally from the ratings: we now have only viruses created in 2004. Moreover, 16 out of 20 viruses in this month’s Top Twenty are worms from only three families. The only serious competion Bagle, NetSky and Mydoom variants face comes from Zafi and Lovgate.
Summary:
| New viruses | TrojanDownloader.JS.Gen, Bagle.as, Bagle.ah, Mydoom.t, Mydoom.u |
| Moved up: | NetSky.q, Zafi.b, Bagle.z, NetSky.d, NetSky.y, Mydoom.l, Bagle.gen |
| Moved down | Netsky.aa, NetSky.b, NetSky.t, LovGate.w, NetSky.r, TrojanDropper.VBS.Zerolin |
| No change | Mydoom.m |
Authors
From the same authors
In the same category
Virus Top Twenty for September 2004