August Malware Top 10

September 2004

NetSky vs. Bagle

Last month's Malware Top 10 talked about quantity taking precedence over quality. Those opinions prove to have been well founded, since Netsky.D, a prolific, if not very new or effective, mass mailer is actually this month's top virus.

There seems to be a tendency to substitute the "all-in-one" virus or worm with a collection of cooperating malicious programs, each with a specific function. It is highly possible that this is exactly the factor that propelled Backdoor.SDBot.gen into the second position of the August Malware Top 10.

Since a patch against the LSASS vulnerability was issued, the worms that exploit it have had less and less success, slipping out of our top altogether, which would seem to indicate that many people have finally gotten hold of a clue and spare bandwidth and are now doing security updates.

Opening fishy mail attachments seems to be still en vogue, though, so the rest of this top ten looks like the clock has been turned back a few months, with Bagle and Netsky variants running for first place all over again.

A dishonorable mention goes to Zafi.B, whose writer's strategy of making it "speak" several European languages seems to have paid off.

Win32.Bagle.AG@mm 7.787328221
Win32.Netsky.B@mm 4.508724072