April 2007 Stats From Kaspersky Lab

02 May 07:04

Warezov and Zhelatin regularly cause virus outbreaks, hit the headlines, and create a huge amount of work for virus labs around the world, but it's NetSky.t, an old email worm, which grabbed first place this month.

In the three years since NetSky.t appeared, its highest ranking ever was fourth place in February 2006. It subsequently disappeared from the list but has returned to lurk close to the top of the table. This is probably the result of a new tactic: virus writers are now spamming multiple variants of their latest creation within a very short space of time. Many of these variants prevail, but sometimes the sheer number of variants prevents them from gaining a high position: NetSky.t, a single variant which spread extremely widely, is proof of this.

Second position is occupied by Warezov.ms, created by unknown cyber criminals, possibly Chinese.

The Zhelatin worm, which is in direct competition with Warezov, also has three variants among the most prevalent malware. Zhelatin occupies 6th, 18th and 20th place.

This is the list:

  1. Email-Worm.Win32.NetSky.t - 14.0 per cent
  2. Email-Worm.Win32.Warezov.ms - 12.4 per cent (new)
  3. Email-Worm.Win32.NetSky.q - 12.2 per cent
  4. Email-Worm.Win32.Bagle.gt - 10.0 per cent
  5. Trojan-Spy.HTML.Bankfraud.ri - 7.7 per cent (new)
  6. Worm.Win32.Feebs.gen - 5.4 per cent
  7. Net-Worm.Win32.Mytob.c - 4.0 per cent
  8. Email-Worm.Win32.NetSky.aa - 3.6 per cent
  9. Email-Worm.Win32.NetSky.b - 2.2 per cent
  10. Email-Worm.Win32.Scano.gen - 1.9 per cent
Other malicious programs - 26.7 per cent

Phishing is continuing to evolve quickly. Last month, Bankfraud.ra, a phishing email, was at the top of the chart. Although this month it has fallen to 11th position, this doesn't mean that phishing is on the decline: 5th place is taken by a new Bankfraud variant, .ri. This is evidence of the increasingly widespread nature of phishing attacks, comparable in scale to email worm epidemics.

The return of some old malware - LovGate.w and Mytob.t - is interesting. The reappearance of these malicious programs was unexpected. However, the number of times these programs have previously figured bears witness to the size of epidemics caused by these worms in the past.

Related links: (Open in a new window.)
www.viruslist.com/en/analysis?pubid=204791937
www.kaspersky.com

Taken from Information Security Bulletin.