Information Security Bulletin

December 2006 Virus Stats From Kaspersky

02 Jan 12:17

Kaspersky Labs have published these malware prevalence stats for December...

Email-Worm.Win32.Warezov.fb - 19.4 per cent (new)
Email-Worm.Win32.Warezov.dn - 9.9 per cent (return)
Email-Worm.Win32.Warezov.hb - 9.6 per cent (new)
Email-Worm.Win32.NetSky.t - 8.0 per cent
Email-Worm.Win32.NetSky.q - 6.3 per cent
Email-Worm.Win32.Bagle.gt - 5.7 per cent (new)
Net-Worm.Win32.Mytob.c - 5.5 per cent
Email-Worm.Win32.NetSky.aa - 5.2 per cent
Email-Worm.Win32.Zafi.b - 3.0 per cent
Email-Worm.Win32.Scano.gen - 2.5 per cent

Other - 25.0 per cent

The last month of 2006 did not bring any substantial changes to the assortment of viruses found in the email traffic. The Warezov worm family was prevalent in the winter months.

The greatest surprise of November was the return of Nyxem.e, straight to the third position. In December the worm surprised us again by going 13 positions down. Mytob.c, which also made a return to the sixth position in November, lost little ground to newcomers and remained in the 7th position. Nevertheless, it is now quite clear that both worms (Nyxem.E and Mytob.C) will inevitably leave the top twenty in 2007.

This is also true of Zafi.b. Although this worm is among the top ten malicious programs this month, it has gone through several cycles appearing and disappearing from the top twenty and may well leave again, never to return.

At the same time, NetSky.q (the October leader) goes up and down in the top part of the rankings and looks set to create problems for email users for a long time to come, despite the fact that it was created as far back as 2004! Another two 'historical' worms, LovGate.w and Mytob.t, are about equally ancient.

Among the newcomers Bagle.gt and Exploit.Win32.IMG-WMF.y deserve attention. Bagle.gt is the first member of its family to become one of the most prevalent viruses in the past several months. This is a very interesting fact: essentially, Bagle and Warezov are direct competitors, which means that we may be witnessing another cyberwar between criminal groups trying to gain access to user computers and data stored on them.

Exploit.Win32.IMG-WMF.y belongs to a rare class of malicious programs: the object sent by email is not an executable file containing a worm but an image that contains an exploit for a WMF file handling vulnerability. When the image is accessed, a Trojan program or worm is installed on the users computer. This vulnerability was discovered one year ago, in December 2005. In the first week of its existence, the Internet was flooded with hundreds of Trojans that penetrated computers using this mechanism. Although a year has passed, cyber-criminals still successfully exploit this vulnerability.

Related links: (Open in a new window.)
www.viruslist.com/en/analysis?pubid=204791913
www.kaspersky.com

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe?

Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Management
The Importance of Adaptability
Steve Purser

From the Trenches
Reversing Perimeter Defences – a Case Study
Søren Maigaard

Security Architectures
The Self Defending Network: New Trends In ICT Security Infrastructures
Drs. Ing. René Pluis

Subscribe Online!