The Virus Top Twenty - December 2003

08 Jan 2004
Virus News



Kaspersky Lab presents the Virus Top Twenty for December 2003
PositionChangeNamePercentage by occurrence
1+2 I-Worm.Swen 33.87%
2-1 I-Worm.Mimail.c 27.45%
3-1 I-Worm.Mimail.g7.15%
4+1 I-Worm.Mimail.a 4.21%
5+9I-Worm.Tanatos.b4.02%
6new I-Worm.Sober.c 3.45%
7-1 I-Worm.Klez.h 3.12%
8-1 I-Worm.Lentin.m2.27%
9+2 I-Worm.Sobig.f1.62%
10-2 I-Worm.Dumaru.a 1.17%
11+5 I-Worm.Mimail.j1.14%
12re-entry Macro.Word97.Thus-based0.84%
13re-entry Macro.Word97.Saver 0.81%
14re-entry I-Worm.Lentin.j 0.80%
15re-entry I-Worm.Lentin.o0.70%
16re-entry Win32.FunLove.4070 0.51%
17+2 Backdoor.Agobot.30.46%
18re-entryI-Worm.Sobig.a 0.40%
19-1Worm.Win32.Lovesan0.40%
20re-entryVBS.Redlof0.35%
other malicious programs5.27%
December's top twenty most wide-spread malicious programs shows the return of the macro-viruses Saver and Thus, and the Windows file virus FunLove.4070. These viruses put an end to the trend of network worms dominating over viruses. This, together with the move up the table of Backdoor.Agobot and the return of VBS.Redlof, meant that classic malicious programs were able to take their worthy place in this month's top twenty. The top three changed slightly, with two worms from the Mimail family losing position to I-Worm.Swen. Most interesting are the changes with worms from the Sober family. Variant A, which reached a peak of activity a month ago, taking fourth place, is nowhere to be seen in the top twenty. Its place has been taken by a new modification of the virus, Sober.C. Sober.C is currently only in 6th place, exactly as Sober.A was two months ago. All expectations to the contrary, the worm Tanatos.b did not disappear, but consolidated its position. The peak of the epidemic was at the beginning of summer 2003, and in December the worm rose 9 places, making the top 5. This when only last month it lost 12 places, falling from 2nd to 14th place. Sobig also underwent something of a reincarnation. Sobig.F was the absolute leader in 2003, gaining 2 positions in December, and its distant relative Sobig.A made it into the top twenty again, moving straight into 18th place. Summary:
  • a new malicious program, the worm Sober.c, appeared in the top twenty.

  • Mimail.A, Tanatos.B, Sobig.F, Mimail.J, and Backdoor.Agobot all moved up in the ratings

  • Mimail.C, Mimail.G, Klez.H, Lentin.M, Dumaru.A and Lovesan lost ground

  • VBS.Redlof, two variants of Lentin, the macro viruses Thus and Saver, the virus FunLove.4070 and the worm Sobig.A all returned to the top twenty.