Report Unveils Top Twenty

The August online scanner Top Twenty is the most unusual so far

Dark Reading Staff, Dark Reading

September 1, 2006

WOBURN, Mass. -- The August online scanner Top Twenty is the most unusual we have seen since we started keeping records. On the one hand, it bucks the trends which we have been seeing lately. On the other hand, it contains a large number of malicious programs which have not previously made it into the online rankings, but which are worth taking a closer look at.

It’s interesting that these changes took place after we stated that the July Top Twenty was something of a watershed. We can use it to define which viruses should logically be in the rankings, as they spread via the Internet, and which viruses appear purely because of the way the online scanner functions. The latter are likely to disappear next month as quickly as they appeared this month.

The first three entries in this month's online Top Twenty are similar to those found in the email rankings from the beginning of this year: three worms, two of which left their mark on 2004 and 2005, with Netsky.q being the most widespread virus of 2004. Both of these worms have now dropped out of the email rankings, and this indicates that they're no longer circulating widely in mail traffic. There could be several reasons why these programs have now made an appearance in our online statistics. The main reason is the different way we get statistics for our different Top Twenties. The email Top Twenty is based on data generated by our antivirus which is placed on several major email servers, and reflects the number of malicious programs intercepted and deleted. However, the online statistics relate to the computers of individual users, who may not have an antivirus solution installed. Because of this, the collection of malicious programs detected is often rather random.

Third and fourth place are occupied by Nyxem.e and Trojan-Dropper.Win32.Agent.asl. Nyxem.e has experienced a rebirth over the last few months, and we noticed its increased presence in mail traffic, meaning that it would merely be a matter of time before it appeared in the online statistics. Agent.asl, in spite of losing in percentage terms, managed to move up a place in the rankings.

The next six positions are occupied by a mixture of dangerous recent malicious programs, viruses which first appeared several years ago, and veteran malware which is unable to function on modern operating systems. Trojan-Downloader.Win32.Agent.arc and Trojan-Proxy.Win32.Horst.av belong to the first category. Horst.av is undoubtedly one of the most serious current threats to users. This relatively complex multi-component Trojan includes a rootkit, and uses a range of polymorphic techniques to evade detection by antivirus software.

Kaspersky Lab
