March 2008 proved to be somewhat atypical in terms of malicious code in mail traffic. Firstly, there were no new malicious programs in the Top Twenty. Secondly, the new malicious programs which had appeared in the last few months were also absent from the rankings, although there had been no indication that this would happen. And finally, this month’s chart contains an increased number of worms which we’ve been detecting for years.
So: let’s start with the programs that are missing from the rankings. One pleasant absence is that of the Trojan-Downloader Diehard. More than 150 modifications of this program have been detected in the course of the last five months, including five which made it into our rankings. This epidemic indicated that someone was preparing to create an enormous botnet. But now the mailings of Diehard have ceased. Has the botnet been created? The coming month will show us the real state of affairs.
Our old friend, NetSky.q, continues to lead the rankings this month, and Mydoom.m rose a significant nine places to come in second. The last time these two worms were in such close competition with each other was way back in 2004. Even more impressive is the rise of Mytob.t – another of the worms which were so common in 2004 – 2005 – up ten places to fifth position.
The only program which could more or less be termed new in the entire Top Twenty is another Trojan-Downloader. Small.hsl appeared a month ago and went straight to fifth place. In March it rose another position, and may climb even higher.
All the representatives of the Zhelatin (Storm Worm) and Warezov families have disappeared from the rankings. Nyxem.e has fallen ten places, and is now in thirteenth place. Worms from the NetSky family have come to fill the void created by the absence of new epidemics, with three of the five programs re-entering the rankings in March belonging to this family.
Overall, March has been the most peaceful month that we’ve seen for a while. However, as always there’s the nagging thought that it may simply be the calm before the storm.
Other malicious programs made up a certain percentage (3.36%) of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation.
Source: Kaspersky Lab.