Subscriptions | RSS Feeds | Discussions | Polls | Site Map




All Threats

Viruses

Hackers

Spam
Whole site    Viruses
  
Virus Encyclopedia
Riskware
Alerts
Analysis
News
Glossary
Weblog

 
Archive

<< 2010  
Jan Feb  
     
     
     
Most Popular Analysis

Monthly Malware Statistics: January 2010



Online games and fraud: using games as bait



Monthly Malware Statistics: December 2009



Keyloggers: How they work and how to detect them (Part 1)



The botnet ecosystem
 
For Potential Authors
Contact us!

Want to become one of our authors and see your work published on Viruslist.com? Contact us!

 		 

  Home / Analysis

Virus Top Twenty for August 2006

Aug 28 2006   |   comments (5)

Alexander Gostev
Aleks has headed the Global Research and Analysis Team at Kaspersky Lab since 2008, and specializes in all aspects of information security, including mobile malware. His responsibilities include detecting and analyzing new malware. His research and analytical articles are published both on dedicated IT sites and in the mass media. He has been with the company since 2002, and is based in Moscow.

Position Change in position Name Percentage
1. No Change 0 Net-Worm.Win32.Mytob.c 26.43
2. No Change 0 Email-Worm.Win32.Nyxem.e 14.42
3. No Change 0 Email-Worm.Win32.NetSky.b 8.06
4. No Change 0 Email-Worm.Win32.LovGate.w 6.36
5. Up +2 Net-Worm.Win32.Mytob.u 3.26
6. Down -1 Net-Worm.Win32.Mytob.q 3.04
7. Up +2 Net-Worm.Win32.Mytob.w 2.90
8. Down -2 Email-Worm.Win32.NetSky.y 2.69
9. Down -1 Net-Worm.Win32.Mytob.t 2.63
10. Up +4 Net-Worm.Win32.Mytob.cg 1.98
11. Up +1 Net-Worm.Win32.Mytob.a 1.97
12. New! New Trojan-Spy.HTML.Bankfraud.od 1.91
13. Down -2 Email-Worm.Win32.NetSky.x 1.71
14. Up +2 Email-Worm.Win32.NetSky.af 1.31
15. Down -5 Net-Worm.Win32.Mytob.r 1.31
16. Return Return Email-Worm.Win32.NetSky.t 1.11
17. Return Return Net-Worm.Win32.Mytob.h 1.10
18. Down -3 Net-Worm.Win32.Mytob.x 1.04
19. Return Return Email-Worm.Win32.LovGate.ae 1.04
20. Return Return Net-Worm.Win32.Mytob.j 1.03
Other malicious programs 14.7

We expected that August would bring a struggle for first place in the ratings between Mytob.c, a veteran of the ratings, and Nyxem.e, well known for disturbing the peace. However, our forecasts turned out to be inaccurate. Nyxem.e, which was almost on a level with Mytob in July, and which made up half of all virus traffic last month dropped 10% in August, while Mytob.c remained steady as a rock.

The summer holidays inevitably have an influence on the world of computer viruses. However, August was a surprisingly quiet month, as the Top Twenty shows: the first four places remained the same as the previous month. Overall, the changes to the top ten are more or less symbolic, with some viruses moving up a couple of places, some down a couple of places. Such movement is within the bounds of statistical error.

In comparison to July, when one worm rose seven places and another sank by twelve, the August figures (Mytob.cg up four places, Mytob.r down five places) look almost insignificant. Nevertheless, antivirus companies waited for August with baited breath. This was due to the fact that over the past few years, August has been one of the months when viruses show increased activity. In our last Top Twenty we stated that the question ‘will there be an epidemic in August’ would be answered when it was clear whether new vulnerabilities had been detected in Windows.

Vulnerabilities were indeed detected, and they were exactly the type of vulnerabilities which could have led to the appearance of another worm such as Lovesan or Mytob. The vulnerability detailed in MS06-040 is extremely similar to the MS03-26 and MS04-011 vulnerabilities, which were exploited by Lovesan and Sasser respectively. Thankfully, Microsoft was able to ensure that information about the vulnerability did not enter the public domain before a patch was available. The exploit which then appeared for this vulnerability only ran on a limited number of versions of Windows and did not attract the attention of virus writers. Consequently, the anticipated August epidemic did not take place.

Virus writers limited their activities to spamming phishing emails. This meant that although worms did not show any increased activity, phishing attacks were very noticeable. August brought several major attacks, the largest of which was the spamming of Bankfraud.od in Western Europe. We first encountered this phishing message, which targets customers of the German Volksbank, in March this year. In July/ August, the authors modified the email, and conducted a repeat attack. Bankfraud.od rose to twelfth place in the rankings, and is the first phishing attack to make it into the Top Twenty in the past few months.

As for the rest of the Top Twenty, it’s worth noting that Scano, the polymorphic script worm, disappeared from the rankings, and another, similar malicious program (Feebs) did not make it into the Top Twenty at all.

LovGate.ad has dropped out of the ratings. This might mean that this family has been defeated by other worms. Out of the three LovGate representatives previously found in the Top Twenty, only LovGate.w remains. However, in August the worm once again demonstrated its resilience, with LovGate.ae returning to the rankings. We will wait and see what September brings. The significant percentage (14.7%) of other malicious programs intercepted in mail traffic indicates that a number of other worm and Trojan families are still in active circulation.

Summary

New Bankfraud.od
Moved up NetSky.b, Mytob.q, NetSky.y, Mytob.u, Mytob.w, Mytob.r, NetSky.x, Mytob.gen, NetSky.af
Moved down Mytob.q, NetSky.y, Mytob.t, NetSky.x, Mytob.r, Mytob.x
No change Net-Worm.Win32.Mytob.c, Email-Worm.Win32.Nyxem.e, Email-Worm.Win32.NetSky.b, Email-Worm.Win32.LovGate.w
Re-entry NetSky.t, Mytob.h, LovGate.ae, Mytob.j
Source:
Kaspersky Lab
 

Copyright © 1996 - 2010
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
 

Email: webmaster@viruslist.com