|
Aug 01 2006
|
comment
|
|
| Alexander Gostev |
| Aleks has headed the Global Research and Analysis Team at Kaspersky Lab since 2008, and specializes in all aspects of information security, including mobile malware. His responsibilities include detecting and analyzing new malware. His research and analytical articles are published both on dedicated IT sites and in the mass media. He has been with the company since 2002, and is based in Moscow. |
|
June differed from previous months, with a noticeable outbreaks caused by the unexpected return of Nyxem.e. This worm made up almost 17% of the malicious code detected in email, a clear indication that if Nyxem could potentially take first place in our rankings in July. However, although the worm spread widely, Mytob.c retained first place, in spite of the fact that it lost 4% on the previous month. This month, Nyxem.e. and Mytob.c are separated by a single percentage point - this makes it all the more interesting to see what will happen in August.
August is traditionally the month for epidemics. And there’s clear evidence of that in the last three years alone: 2003 - Lovesan, 2004 - numerous Mydoom variants, 2005 - Mytob/ Bozori (aka Zotob). However, nearly all of these outbreaks were preceded by the disclosure of Windows vulnerabilities. So the answer to the question whether there will be an epidemic this August will depend on whether new vulnerabilities are found.
However, this year the risk of an August epidemic is probably minimal. The last significant epidemic was caused by Nyxem.e in January this year. The only malicious programs which might be able to cause a serious outbreak, such as Scano or Bagle, are only showing brief flashes of activity.
Some of the events of June carried over into July. NetSky.q, the ultimate leader of 2004, a frequent visitor to the top of the table in 2005 and the first half of 2006, continued its retreat. In June, this worm fell 12 places, from 3rd to 15th place. In July it left the rankings altogether, achieving on 22nd place with 0.69%. Exactly the same happened with NetSky.t: it returned to the rankings at the beginning of the year, rose steadily up the table, dropped from 5th to 20th place in June, and this month fell to 25th place, with 0.65%.
All of this is rather strange. We’re not seeing new worms, and out of the old, well known families, it's the numerous Mytob variants which are asserting themselves. June brought the return of Mytob.ar, and a newcomer, Mytob.cg, to the rankings.
Although most NetSky variants have disappeared off the bottom of the table, a few are still hanging on, even becoming slightly more prevalent. At the moment, we don't have any explanation for this selective behaviour within the same family.
The LovGate family noticeably lost ground - three variants of this worm have figured in recent Top Twenties, but June's rankings only have two. Although LovGate.w is still holding its own in the top five, LovGate.ad dropped twelve places and may well follow NetSky.q and .t out of the rankings in August.
Scano.e, a polymorphic script worm, is continuing to hover at the bottom of the table. We've seen it in the ratings before; in June it appeared in 19th place, seemingly simply to remind users of its existence. Scano’s day is clearly over. We’re far more likely to see Feebs, a similar worm, making an appearance, and it does regularly figure in our online scanner statistics.
Other malicious programs made up 12.59% of those intercepted in mail traffic, showing that a relatively large number of Trojans and worms from other families are still in active circulation.
Summary
| New |
Mytob.cg |
| Moved up |
NetSky.b, Mytob.q, NetSky.y, Mytob.u, Mytob.w, Mytob.r, NetSky.x, Mytob.gen, NetSky.af |
| Moved down |
LovGate.w, LovGate.ad, Mytob.t, Mytob.a, Mytob.x, Mytob.bx
|
| No change |
Net-Worm.Win32.Mytob.c, Email-Worm.Win32.Nyxem.e |
| Re-entry |
Mytob.ar, Scano.e |
0
+1
-1
New
Return
