Virus Top Twenty for March 2005

| Position | Change in position | Name | Percentage |
|---|---|---|---|
| 1 | +1 | Email-Worm.Win32.NetSky.q | 27.76 |
| 2 | +5 | Email-Worm.Win32.NetSky.aa | 9.01 |
| 3 | +2 | Email-Worm.Win32.NetSky.b | 8.84 |
| 4 | New | Net-Worm.Win32.Mytob.c | 8.21 |
| 5 | +7 | Email-Worm.Win32.Lovgate.w | 4.48 |
| 6 | -3 | Email-Worm.Win32.Zafi.d | 4.47 |
| 7 | -6 | Email-Worm.Win32.Zafi.b | 3.86 |
| 8 | | Email-Worm.Win32.Mydoom.m | 3.52 |
| 9 | +4 | Email-Worm.Win32.NetSky.d | 3.05 |
| 10 | +1 | Email-Worm.Win32.Mydoom.l | 2.77 |
| 11 | -1 | Email-Worm.Win32.NetSky.y | 2.27 |
| 12 | +2 | Email-Worm.Win32.NetSky.x | 1.58 |
| 13 | +2 | Email-Worm.Win32.NetSky.r | 1.44 |
| 14 | +3 | Email-Worm.Win32.NetSky.t | 1.32 |
| 15 | +1 | | 1.03 |
| 16 | -10 | | 1.00 |
| 17 | -13 | Email-Worm.Win32.Bagle.ay | 0.92 |
| 18 | Re-entry | | 0.91 |
| 19 | New | Trojan-Spy.HTML.Bankfraud.dq | 0.69 |
| 20 | Re-entry | Email-Worm.Win32.Bagle.gen | 0.59 |
| | | Other malicious programs | 12.28 |

The situation that we’ve seen for the past few months continues, with Bagle, NetSky, Mydoom, Zafi and Lovgate competing with each other for places in our rankings. This month, our top three has changed again, with NetSky taking the top three places for the first time this year. And heading the chart is NetSky.q, the most widespread worm of 2004.

A surprise this month was the appearance of Mytob, a completely new family of worms. Malicious programs from this family are spreading actively, and Mytob.c, which was first detected on 4th March, is already in 4th place. This version is still spreading fast, and at the moment of writing, it’s effectively heading the table. The other 15 versions of Mytob, in comparison with Mytob.c, are relatively inactive.

Analysis shows that source code from Mydoom.a was used to create Mytob. However, some changes were made: Mytob also propagates via the LSASS vulnerability in the same way that Sasser did. This means that the worm has two replication mechanisms, which makes it a dangerous opponent indeed.

Lovgate.w still maintains a presence in our Top Twenty, continuing to move up and down the table – this month it jumped up 7 places. Another representative of this family is also back in our rankings this month.

An interesting point this month is the fall of Zafi; in February, this worm occupied 1st and 3rd place, but in March it has slid down to 6th and 7th place. The Hungarian worm has never been so low in the ratings. This may be an indication that Zafi will gradually disappear from mail traffic, although NetSky and Mydoom are evidence of how long some of the older viruses can maintain their presence on the Internet.

As for the rest of March’s Top Twenty, there are two other particular points of interest.

The first is that Bagle is still moving down the rankings, with and Bagle.ay occupying 10th and 13th place respectively. These worms, which were up there with the leaders in February, seem to have been sapped of their strength. Attempts to use these worms to cause a global epidemic seem to have been in vain, perhaps because they were quickly blocked by antivirus companies and ISPs.

Still on the subject of Bagle, during one 24-hour period in March the authors of this worm launched more than 10 new variants on the Internet. However, none of these versions managed to provoke even an outbreak. In the middle of the month we released a generic detection for all these worms, Bagle.pac, which came in at 50th place, showing that these worms made up a mere 0.12% of all mail traffic in March.

Secondly, as per tradition, Trojan-Spy.HTML is still occupying a place in the Top Twenty. These malicious programs are used for phishing attacks, stealing the confidential data of users of on-line banking systems. In February our Trojan-Spy was Smitfraud, targeting clients of Smith Barney, and in March its place was taken by Bankfraud.dq, which targeted users of

This month a relatively large number of other malicious programs were detected, making up 12.28% of malicious traffic intercepted. This shows that a large number of worms and Trojan programs from other families are still circulating.


New: Mytob.c, Bankfraud.dq
Moved up: NetSky.q, NetSky.aa, NetSky.b, Lovgate.w, NetSky.d, Mydoom.l, NetSky.x, NetSky.r, NetSky.t,
Moved down: Zafi.d, Zafi.b, NetSky.y,, Bagle.ay
Re-appeared: Mydoom.m
No change: Bagle.gen,
