Virus Top Twenty for June 2004
02 Jul 2004
Kaspersky Lab presents the Top Twenty for June 2004
June 2004 has probably turned out to be the quietest month this year so far. It's hard to tell why: maybe virus writers have been lying low due to arrests of coders worldwide, or maybe antivirus vendors have succeeded in clearing up the aftermath of previous outbreaks. In any case, we only have one new entrant in the top twenty this month: Zafi.b.
I-Worm.Zafi.b was written in Hungary and spread rapidly throughout Europe leaving the NetSky family in the dust. The most likely explanation for Zafi's success lies in the clever social engineering techniques the senders used. The worm arrived in emails written in 18 different languages - depending on the IP address of the recipients. The actual texts were not very original - the usual fake warning from email providers or offers to view interesting photos.
The past two months have seen a successful crackdown on cyber crime - almost 10 coders were arrested in different countries. With any luck, we should see the arrest of Zafi's author sometime soon.
The rest of the June top twenty is almost identical to May's hit parade. Some email worms lost or gained a few points, but many remained in the exact same place (a detailed analysis is available in earlier Top 20 lists).
It is worth noting that Exploit.HTML.ObjData has gained strength, whereas Klez.h, a classic network worm, has finally disappeared from the list after a record-breaking two-year stint.
However, the calm before the storm was disturbed by a slew of backdoor-worms - Internet worms with spy features. The LSASS vulnerability that Sasser underscored served as a catalyst for this trend. Hundreds of malicious programs are now exploiting this vulnerability, shifting the paradigm of virus propagation from email to the Internet via attacks on open ports.
Other malware continued to make up a significant proportion of overall virus traffic on the Internet this month, with almost 300 different viruses detected.
| moved up | NetSky.r, Exploit.HTML.ObjData |
| moved down | NetSky.aa, NetSky.b, NetSky.q, NetSky.y, LovGate.w, Netsky.t, Swen, Mydoom.g, NetSky.o, Bagle.y, and Sober.g |
| no change | Bagle.z, NetSky.d, Mydoom.e, Netsky.c |