Netsky.q returns to top of virus chart

NetSky.q, the all-time leader for 2004 and 2005, has returned to head the virus Top 20 for June, according to information security software vendor, Kaspersky Lab. Hot on its heels is a worm from an equally old family, Bagle.gt. Last month’s leader, NetSky.t, slipped to third place.
 
Arguably the most noteworthy event this month was the disappearance of May’s rabble-rouser, Sober.aa. This virus re-appeared after a six-month stint in the shadows, suddenly taking fourth place before disappearing again. It is unlikely, however, that this family will be seen in future Top 20s.
 
Last month, older worms reinforced their position, and Sober.aa reappeared, squeezing out the young generation of dangerous Warezov worms. Nearly all of these worms disappeared from Kaspersky Lab’s reports in May, but they haven’t given up yet. Only a month ago, Kaspersky Lab analysed Agent.bgs, which came in eighth. This Trojan is designed to create Warezov botnets and it appears that this botnet was behind the flood of new Warezov variants in June.
 
Three new variants made it into the top 10 in June, with Warezov.oz ranking as high as fifth place. It’s likely that there will be a long line of new variants from these unknown authors for some time. Computers that are infected by Warezov are typically used as spamming platforms.
 
The Zhelatin family of worms has not been able to keep up with Warezov. This is the second month in a row that there has been no mention of these worms in the Kaspersky Lab rankings. Feebs and Scano are also slowly sliding down the table and could disappear at any time, just as Sober.aa did.
 
So, what is the virus world left with? This month there is NetSky, Mytob, Bagle and Warezov. It could be argued that these four worm families will be around for a long time, maybe even years (NetSky and Mytob already have a lengthy history). Just as Sober.aa disappeared, Nyxem.e reappeared. This worm is a big mystery. For a long time, it was the most common worm around.  Then, after disappearing from the Top 20, it resurfaced –  in leading positions. Then it disappeared again, and just when it appeared that it would be forgotten altogether, it has returned, this time in eleventh place.

The bottom half of the Top 20 is as unruly as usual. There are instances of some older variants of Mytob and NetSky, and interesting new viruses are holding their own, such as Win32.Grum.a.  And Exploit.Win32.IMG-WMF.y. is still exploiting vulnerabilities in WMF files. This exploit has been used to spread certain Feebs variants.

Other malicious programs made up 11.40 per cent of all malicious code in mail traffic, indicating that there is still a relatively large number of other worm and Trojan families in circulation.