NetSky was the top worm in February

In last month’s Top Twenty, we noted that Warezov worms had been almost totally beaten back by Bagle. Only a single Warezov variant remained in January’s Top Twenty, and Bagle.gt led the rankings.

Position  Change  Name                                 Percentage
1         +3      Email-Worm.Win32.NetSky.t            15.82%
2         -1      Email-Worm.Win32.Bagle.gt            11.85%
3         New     Email-Worm.Win32.Zhelatin.dam        8.19%
4         -2      Email-Worm.Win32.NetSky.q            7.92%
5         New     Email-Worm.Win32.Zhelatin.o          6.83%
6         New     Email-Worm.Win32.Warezov.ls          5.03%
7         +2      Net-Worm.Win32.Mytob.c               3.72%
8         New     Email-Worm.Win32.Zhelatin.u          3.58%
9         New     Email-Worm.Win32.Zhelatin.m          3.30%
10        -7      Email-Worm.Win32.NetSky.aa           3.27%
11        New     Email-Worm.Win32.Zhelatin.r          2.87%
12        New     Trojan-Downloader.Win32.Tibs.jr      2.43%
13        New     Email-Worm.Win32.Zhelatin.t          1.94%
14        Return  Email-Worm.Win32.Scano.gen           1.83%
15        Return  Email-Worm.Win32.Nyxem.e             1.66%
16        Return  Email-Worm.Win32.NetSky.b            1.59%
17        New     Packed.Win32.PePatch.gr              1.52%
18        Return  Net-Worm.Win32.Mytob.t               1.39%
19        -14     Email-Worm.Win32.Bagle.gen           1.26%
20        -       Exploit.Win32.IMG-WMF.y              1.14%
                  Other malicious programs             12.86%

However, the world of computer viruses takes after nature in that it abhors a vacuum, and as usual, new and more dangerous malicious programs have come to fill the void.

This was the case in February, when we witnessed several epidemics caused by a new family of worms: Zhelatin. Zhelatin is the ‘storm worm’ that got such wide coverage in the mass media at the beginning of the year. The worm spreads as emails with a range of topics designed to pique the recipient’s curiosity – the terrible hurricane in Western Europe, the death of President Putin, and the resurrection of Saddam Hussein.

Although Zhelatin was initially thought to be a new Warezov variant, closer analysis revealed a new family of malicious programs which probably originated in Asia.

During February we issued three virus alerts with a ‘medium’ threat rating. All these alerts were due to the rapid spread of new Zhelatin variants in mail traffic. Naturally, these outbreaks have had an effect on the February Top Twenty: out of the nine new malicious programs, six of them are Zhelatin variants.

The struggle between Zhelatin and Bagle.gt resulted in a veteran worm, NetSky.t, taking first place, while Bagle.gt dropped back to second position. Zhelatin, meanwhile, managed by weight of numbers to occupy four of the top ten places.

When a new leader heads the rankings, there’s usually a general shake-up, with new programs making their first appearance, and old viruses making a comeback. As noted above, there are nine new malicious programs in the February Top Twenty, and four re-entries, including some old friends such as Nyxem.e, Scano.gen and NetSky.b. This demonstrates once again that today’s email worms have a long lifespan, and may be found in traffic years after their first appearance.

Other malicious programs made up a significant percentage (12.86%) of all malicious code found in mail traffic, indicating that a considerable number of other worms and Trojans are currently actively circulating.

Source: Kaspersky Labs.



