Malware reports

Virus Top Twenty for September 2006

Position Change in position Name Percentage
1. No Change
Net-Worm.Win32.Mytob.c 20.00
2. No Change
Email-Worm.Win32.Nyxem.e 16.22
3. Up
Email-Worm.Win32.LovGate.w 9.71
4. New!
Email-Worm.Win32.Scano.gen 5.88
5. Down
Email-Worm.Win32.NetSky.b 5.45
6. Up
Net-Worm.Win32.Mytob.t 5.08
7. Down
Net-Worm.Win32.Mytob.u 3.62
8. New!
New 2.52
9. Up
Email-Worm.Win32.NetSky.t 2.40
10. Down
Net-Worm.Win32.Mytob.w 1.63
11. Down
Email-Worm.Win32.NetSky.y 1.56
12. Down
Net-Worm.Win32.Mytob.q 1.48
13. Down
Trojan-Spy.HTML.Bankfraud.od 1.44
14. Down
-4 1.33
15. New!
New 1.25
16. Return
Return 1.21
17. Down
Net-Worm.Win32.Mytob.a 1.15
18. Down
Net-Worm.Win32.Mytob.h 1.13
19. Down
Email-Worm.Win32.NetSky.x 1.09
20. New!
Net-Worm.Win32.Mytob.dam 0.95
Other malicious programs 14.90

The battle for the top position between Mytob.c and Nyxem.e continues for the third month in a row. After losing considerable ground in August, in September Nyxem improved its position by almost two percentage points, while Mytob.c dropped by six percentage points. As a result, the current difference between the two malicious programs at the top of the rating is only about 4%.

Still, the outcome of this confrontation is predetermined: Mytob.c has been at the top for so long that the only thing capable of unseating it would be a global email worm outbreak comparable to that caused by Mydoom.a in January 2004. However, given the way antivirus protection has been evolving, and the emergence of new types of cyber crime, the chances of a global epidemic are minimal.

As before, the Top Twenty is largely made up of worms which have appeared in recent years, i.e. by variants of the old Mytob, NetSky and LovGate worms. In 2006 several malicious programs including Feebs, Scano, Bagle and Warezov seemed to aspire to participating in the virus race on a permanent basis. However, none of them managed to stay in the Top Twenty for more than a couple of months. Scano worms were back in September: the fourth position of the rating was taken by Scano.gen, i.e., by several variants of the worm at once. The most active variant,, is in 8th position.

As worms are showing little activity, some of the top positions in the rating have been taken by other types of malicious program found in mail traffic. In August we noted that Bankfraud.od, a phishing attack, was spreading. It’s also present in the September statistics, one position lower than in August. Another, similar attack, this time targeting eBay users, has made it to 15th place. lures users to a fake website in order to steal their account information. Overall, the number of phishing attacks has increased substantially in 2006, a trend noted by practically all the major antivirus vendors.

One event in the battle against virus writers is worth mentioning: the conviction of the authors of numerous variants in the Mytob and Bozori worm families (e.g.,, which takes 14th position this month), the Moroccans Farid Essebar and Achraf Bahloul. Essebar was sentenced to two years in jail, Bahloul to one year.

Taking into account the arrest and conviction of Sven Jaschan, the author of NetSky, which is another widespread family, it can be concluded that the authors of viruses that cause global epidemics can after all be found and held accountable for their actions. However, in order to successfully combat cyber threats, similar action has to be taken against the authors of other malicious programs: programs which may not cause such extensive outbreaks but which do much greater damage to users, such as Trojan-Spy programs.

Other malicious programs in mail traffic account for a significant percentage (14.9%) of the total number intercepted, indicating that numerous worms and Trojans from other families are still in circulation.


New Scano.gen,,, Mytob.dam
Moved up LovGate.w, Mytob.t, NetSky.t
Moved down NetSky.b, Mytob.u, Mytob.w, NetSky.y, Mytob.q, Bankfraud.od,, Mytob.a, Mytob.h, NetSky.x

Virus Top Twenty for September 2006

Your email address will not be published. Required fields are marked *



APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox