News

Friday, December 01, 2006

Kaspersky Lab - Virus News: Virus Top 20 for November 2006

Kaspersky Lab - Virus News. Friday, December 01, 2006
******************************************************************

1. Virus Top 20 for November 2006
2. How to subscribe/unsubscribe
3. Security Rules

****

1. Virus Top 20 for November 2006

Position Change in position Name Percentage
1. New Email-Worm.Win32.Warezov.gj 18.27
2. +3 Email-Worm.Win32.Warezov.ev 14.88
3. Return Email-Worm.Win32.Nyxem.e 9.89
4. Return Email-Worm.Win32.NetSky.t 7.54
5. -1 Email-Worm.Win32.Scano.gen 6.57
6. +8 Net-Worm.Win32.Mytob.c 5.68
7. -6 Email-Worm.Win32.NetSky.q 5.25
8. Return Email-Worm.Win32.Zafi.b 4.40
9. +3 Email-Worm.Win32.NetSky.aa 2.77
10. Return Net-Worm.Win32.Mytob.t 2.01
11. Return Email-Worm.Win32.LovGate.w 1.48
12. +1 Email-Worm.Win32.NetSky.b 1.41
13. New Email-Worm.Win32.Warezov.fh 1.29
14. +1 Trojan-Spy.HTML.Bankfraud.od 1.08
15. Return Net-Worm.Win32.Mytob.u 1.04
16. New Email-Worm.Win32.Warezov.gl 0.97
17. -6 Email-Worm.Win32.Warezov.do 0.87
18. -10 Email-Worm.Win32.Mydoom.l 0.77
19. -16 Email-Worm.Win32.Bagle.gen 0.76
20. Return Net-Worm.Win32.Mytob.w 0.73
Other malicious programs 12.34

Autumn 2006 was a stormy season. For the third month in a row there's not only a new leader in our rankings, but the entire Top Twenty is once again in a state of flux. However, worms from the Warezov family were the main troublemakers, just as they were last month.

In November, Warezov.gj, a newcomer, took first place. This worm, which was first detected on November 22nd, only took one week to become the most widespread virus in email traffic, with an impressive share of over 18%! Only a few malicious programs have shown such record propagation rates in the first month of their existence - and all of them remained at the top of the charts for significant periods of time. However, I believe this won't be the case this time. Warezov.gj will probably fall sharply in December as the worm surrenders to the onslaught of its new 'siblings'.

This month's surprise was the triumphal return of our old acquaintance, Nyxem.e, which immediately shot to third position in the rankings. This worm will soon be celebrating an anniversary of sorts: it's nearly a year since was first detected. And it's become one of the most widespread viruses in all of 2006.

Nyxem's archrival, Mytob.c, has also improved its standing, shooting up eight positions. For several months we watched these worms battle for supremacy, but in October the Warezov.a hurricane swept all away. November's round of confrontation may yet result in both worms making it to the top five in December.

An equally notable comeback is that of the Zafi.b worm. No sooner had we bidden it farewell than it reappeared and started annoying users again with its messages in 18 languages. Eighth place in November is no mean achievement, and shows that the life cycle of this Hungarian worm is far from complete.

October's leader - NetSky.q - is once again moving down the charts. The history of this worm is quite interesting. After it first appeared in 2004, it remained a leader for a long time and became the most widespread worm of 2004. In 2005 it battled numerous Mytob variants for supremacy, and in 2006 it has alternately shot up the charts, or fallen off the bottom of the Top Twenty. In spite of all this, NetSky.q remains one of the most widespread worms in the entire history of the Internet. Meanwhile, for Sven Jaschan, who wrote this infamous worm, 16 of the 21 months of his suspended sentence have passed.

Several other worms besides Netsky.q are moving up and down the charts, as if plotting a sine curve. Two more historic worms, LovGate.w � Mytob.t, returned to the rankings to grace the middle of November's Top Twenty.

All these examples demonstrate that worms can be split into two groups. Those in the first group circulate for years in traffic, sometimes increasing their share (when there are no other epidemics) and sometimes surrendering it to newcomers. Those in the second group emerge quickly, top statistics for a short period and then quickly disappear, often completing this cycle in a mere couple of weeks.

As for December forecasts, everything will depend on the authors of the Warezov worm. If they continue mass-mailing numerous variants of the worm, then next month these worms will account for at least 30% of all malicious programs in email. But if the authors of Warezov relax the pace or get themselves arrested (which is, unfortunately, less likely), the 'old' worms, such as NetSky.q, Zafi,b and Mytob.c will gain ground once more.

Other malicious programs made up 12.34% of all malicious programs intercepted in mail traffic. This confirms that a large number of other worms and Trojans are still actively circulating.


Summary

New
Warezov.gj Warezov.fh
Warezov.gl

Moved up
Mytob.c, NetSky.aa
NetSky.b Bankfraud.od
Warezov.ev

Moved down
Scano.gen NetSky.q
Warezov.do Mydoom.l
Bagle.gen

Re-entry
Nyxem.e NetSky.t
Zafi.b Mytob.t
LovGate.w Mytob.u
Mytob.w

**

2. How to subscribe/unsubscribe

If you would like to subscribe to other Kaspersky Lab news blocks or
to unsubscribe from this news block, you can do so by visiting
http://www.kaspersky.com/subscribenow.html

If you experience any problems with this procedure, please contact us at:
webmaster@kaspersky.com

3. Security Rules

To avert unsanctioned attempts to distribute false or forged email news messages under purportedly originating from Kaspersky Labs please note that real Kaspersky Labs news messages are sent only in plain text format and never include file attachments.

If you receive an email disregarding these strict guidelines, please do not open it, but rather forward it to Kaspersky Labs technical support (support@kaspersky.com) so its contents can be examined.


****

Best Regards,

Kaspersky Labs Threats Information Department


-----
10/1 1st Volokolamsky Proezd,
123060, Moscow
Russia
Telephone/Facsimile: +7 (495) 797 87 00
WWW: http://www.kaspersky.com
FTP: ftp://ftp.kaspersky.com
Email: webmaster@kaspersky.com

No comments:

Blog Archive