Virus Top Twenty for August 2007

September 3, 2007

August once again turned out to be “dead season” for virus epidemics in 2007

Position	Change in position	Name	Proactive Detection Flag	Percentage
1.	+1	Email-Worm.Win32.NetSky.q	Trojan.generic	21.28
2.	+1	Email-Worm.Win32.Bagle.gt	Trojan.generic	12.96
3.	+3	Email-Worm.Win32.NetSky.aa	Trojan.generic	9.26
4.	+3	Net-Worm.Win32.Mytob.c	Trojan.generic	8.97
5.	0	Worm.Win32.Feebs.gen	Hidden Data Sending	6.03
6.	+2	Email-Worm.Win32.Mydoom.l	Trojan.generic	4.93
7.	-3	Email-Worm.Win32.NetSky.t	Trojan.generic	4.81
8.	+2	Exploit.Win32.IMG-WMF.y	WMF*	3.52
9.	+4	Net-Worm.Win32.Mytob.t	Worm.P2P.generic	3.22
10.	+1	Email-Worm.Win32.NetSky.b	Trojan.generic	2.65
11.	+1	Email-Worm.Win32.NetSky.x	Trojan.generic	2.43
12.	+5	Email-Worm.Win32.Scano.gen	Trojan.generic	2.12
13.	+1	Net-Worm.Win32.Mytob.u	Worm.P2P.generic	1.59
14.	New!	Trojan-Downloader.Win32.Agent.brk	Hidden object	1.58
15.	0	Email-Worm.Win32.Mydoom.m	Trojan.generic	1.49
16.	New!	Email-Worm.Win32.Womble.a	Trojan.generic	1.38
17.	-1	Email-Worm.Win32.Womble.d	Trojan.generic	1.27
18.	Return	Net-Worm.Win32.Mytob.dam	[Damaged]	0.94
19.	Return	Net-Worm.Win32.Mytob.bt	Trojan.generic	0.91
20.	-1	Virus.Win32.Grum.a	Virus**	0.90
Other malicious programs				7.76

* — a file in the WMF graphics format. ** — The PDM module is not intended for combating classic computer viruses

August once again turned out to be “dead season” for virus epidemics in 2007. Since August 2003, when the Lovesan worm caused the biggest epidemic in history, the final month of summer has typically been the quietest and most uneventful, as it is a period when both virus writers and antivirus professionals often go on holiday.

Even the waves of mass-mailings sent out by the Warezov and Zhelatin worms were missing in action in August. Warezov.pk, the leader in July, disappeared suddenly from our virus radar screens. However, it's worth remembering that the launching pad for Warezov.pk was created back in May by Trojan-Downloader.Win32.Agent.bcs. August’s Top Twenty features a new program used to create botnets and the conditions for new epidemics: Trojan-Downloader.Win32.Agent.brk. It looks as though a significant new outbreak of email threats will be strike in September.

As usual, as new malicious programs that previously took the lead begin to fade or even disappear, the top positions in our rankings are once again taken by old malware. In August, NetSky.q took first place yet again. A three-and-a-half year lifespan has not had any apparent effect on the widespread impact of this worm, and antivirus companies are left wondering just what else they have to do to exterminate this Internet pest.

Meanwhile, the Womble family of worms continues its unusual increase in mail traffic. In July, Exploit.Win32.IMG-WMF.y climbed seven positions, and inched up another two places in August, finally making it into the Top Ten (in eighth place). IMG-WMF.y is a component used in all Womble worms and it brought Womble.d up the ratings in July, with Womble.a joining these two programs in August. All these worms were detected a year ago in August 2006, but they have only just recently managed to make waves in mail traffic.

Last month Scano.gen made a Top 20 comeback, and made the most gains of all malicious programs in August, rising a full five positions to twelfth place. Scano.gen may end up following in the footsteps of another very similar worm, Feebs.gen, which rose to the top in the very same way and has been holding strong in fifth place for two months now.

Other malicious programs made up 7.76% of all malicious code in mail traffic, indicating that there is still a relatively large number of other worm and Trojan families in circulation.

New: Email-Worm.Win32.Womble.a, Trojan-Downloader.Win32.Agent.brk
Moved up: Email-Worm.Win32.NetSky.q, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.NetSky.aa, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.Mydoom.l, Exploit.Win32.IMG-WMF.y, Net-Worm.Win32.Mytob.t, Email-Worm.Win32.NetSky.b, Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Scano.gen, Net-Worm.Win32.Mytob.u
Moved down: Email-Worm.Win32.NetSky.t, Email-Worm.Win32.Womble.d, Virus.Win32.Grum.a
Re-entry: Net-Worm.Win32.Mytob.dam, Net-Worm.Win32.Mytob.bt

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Virus Top Twenty for August 2007

Virus Top Twenty for August 2007

About Kaspersky

Related Articles Press Releases

Dangerous Loki backdoor discovered: Kaspersky experts identify agent in Russian company cyberattacks

DIY Ransomware: novice cybercriminals bigger threat thanks to off-the-shelf code

Kaspersky identifies new APT group targeting Russian government entities

SMB cyber infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Every third cyber incident was due to ransomware, Kaspersky reports

Global mobile banking malware grows 32 percent in 2023

Turkey, Russia, Southeast Asia and Latin America hit by Android threats, Kaspersky identifies

‘Coyote’ ugly: Kaspersky unveils banking trojan targeting over 60 institutions

New cross-platform threats uncovered by Kaspersky

Kaspersky reveals advanced tactics in cyber espionage campaigns using MATA toolset