Virus Top Twenty for February 2008

02 Mar 2008
Virus News

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | No Change 0 | Email-Worm.Win32.NetSky.q | Trojan.generic | 35.57 |
| 2 | Up +1 | | Trojan.generic | 6.49 |
| 3 | Down -1 | Email-Worm.Win32.Nyxem.e | Trojan.generic | 6.47 |
| 4 | Up +4 | Email-Worm.Win32.NetSky.d | Trojan.generic | 6.04 |
| 5 | New | Trojan-Downloader.Win32.Small.hsl | <Not detected> (downloader) | 5.71 |
| 6 | Up +5 | Net-Worm.Win32.Mytob.q | Worm.P2P.generic | 5.62 |
| 7 | Down -3 | Email-Worm.Win32.NetSky.aa | Trojan.generic | 5.15 |
| 8 | Down -3 | Email-Worm.Win32.Scano.gen | Trojan.generic | 3.88 |
| 9 | Return | Email-Worm.Win32.NetSky.x | Trojan.generic | 3.56 |
| 10 | Up +7 | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 2.83 |
| 11 | Return | Email-Worm.Win32.Mydoom.m | Trojan.generic | 2.52 |
| 12 | New | Trojan-Downloader.Win32.Diehard.ez | Hidden object | 2.06 |
| 13 | Down -1 | Email-Worm.Win32.NetSky.y | Trojan.generic | 1.94 |
| 14 | Down -5 | Net-Worm.Win32.Mytob.w | Worm.P2P.generic | 1.47 |
| 15 | Up +1 | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.43 |
| 16 | Return | | Trojan.generic | 1.21 |
| 17 | Down -3 | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.19 |
| 18 | Return | Net-Worm.Win32.Mytob.c | Trojan.generic | 0.60 |
| 19 | Down -1 | | Trojan.generic | 0.58 |
| 20 | Return | Email-Worm.Win32.NetSky.c | Trojan.generic | 0.56 |
| | | Other malicious programs | | 5.12 |
| | | Percentage of infected messages in mail traffic | | 0.61 |

The statistics resulting from our scanning of mail traffic in February 2008 were slightly different to data from the first month of the year.

Although the Trojan-Downloader program, Diehard, is continuing to cause significant outbreaks, this isn't reflected in the rankings.

There were four variants of this program in the January Top Twenty. In February, these four were replaced by a single new version which occupies twelfth place; however, this does not mean that the battle against Diehard is over. The number of programs in this family continued to rise rapidly in February, with approximately 50 new modifications being detected over the course of the month. In comparison, only 100 new modifications were detected during the previous four months (from October 2007 onwards).

The series of mass flash mailings which contain Diehard continues to disrupt mail traffic at least once a day, and it's always a new variant of the program which is sent out. If the percentages for all variants of this Trojan are added together, Diehard ranks higher than the actual leader of the Top Twenty, NetSky.q.

In general, the rankings have remained relatively stable. The second new entrant to this month's Top Twenty is another downloader program, Trojan-Downloader.Win32.Small.hsl. This program made it into fifth place straight away, and this may indicate that another dangerous new family will start figuring in our statistics in the near future.

Interestingly, of the four families of malicious code which are currently causing epidemics, only Diehard and Bagle are present in the rankings. Their two competitors, Zhelatin and Warezov, appear to be taking something of a break. However, Zhelatin did take advantage of Valentine's Day when the latest versions of this malicious program were mass mailed.

Other malicious programs made up a moderate percentage (5.12%) of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation.

The total percentage of infected messages in mail traffic detected by Kaspersky Lab scanning and analysis methods was 0.61%.

The twenty top countries which act as sources for infected messages in February are shown in the table below:

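| Position | Country | Percentage |
|---|---|---|
| 2 | S.KOREA | 7.88 |
| 3 | INDIA | 6.05 |
| 4 | CHINA | 5.75 |
| 6 | GERMANY | 4.58 |
| 7 | SPAIN | 3.18 |
| 8 | POLAND | 2.50 |
| 9 | BRAZIL | 2.45 |
| 10 | JAPAN | 2.29 |
| 11 | FRANCE | 2.19 |
| 12 | TURKEY | 2.12 |
| 13 | ITALY | 2.07 |
| 15 | PAKISTAN | 1.94 |
| 17 | CANADA | 1.46 |
| 19 | ROMANIA | 1.37 |
| | Other countries | 29.67 |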

  1. New: Trojan-Downloader.Win32.Diehard.ez, Trojan-Downloader.Win32.Small.hsl
  2. Went up: NetSky.d, Email-Worm.Win32.Mytob.q, Email-Worm.Win32.Mydoom.l, Net-Worm.Win32.Mytob.t
  3. Went down: Email-Worm.Win32.Nyxem.e, Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.NetSky.y, Net-Worm.Win32.Mytob.w, Email-Worm.Win32.Bagle.gen
  4. Re-entry: Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Mydoom.m, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.c