Convicted German virus author Sven Jaschan's Netsky virus is still at the top of the virus lists for July, while Mytob variants account for most of the top 10 entrants, say Sophos and Kaspersky Lab.
The Sophos monthly virus report, released by local Sophos distributor Netxactics, shows Netsky-P with 13.9% of reported incidents, while Mytob variants account for around 37% of all reported viruses.
"The sheer volume and range of the Mytob worms sees them hog most positions in the virus chart. It's not the viciousness of the worm that is the problem, but the constant onslaught of slightly differing variants," says Brett Myroff, CEO of Netxactics.
"This month's only new entry into the chart is another family member, Mytob-CX, and despite accounting for only 3.2% of viruses in July, it shows the Mytob threat continues to plague computer users."
Kaspersky Lab, based in Russia, showed similar results for reported viruses in July, with Jaschan's Netsky-Q topping its chart, while Mytob variants accounted for five of the top 10 positions.
The Mytob variants infect networks via e-mail with many being able to take advantage of known software vulnerabilities, says Myroff.
Many Mytob versions are also equipped with malicious code that enables them to communicate with the outside world, while some new Mytob variants have adopted a trick commonly used by phishers, where an e-mail directs recipients to a Web site and they involuntarily download the worm, adds Myroff.
"The good news is that although the Mytob army is tricky, it is controllable."
Changing tactics
Kaspersky Lab says a new analysis of trends in malware evolution shows cyber criminals are changing tactics to improve their return on investment.
Yury Mashevsky, senior virus analyst at Kaspersky, compiled the report, entitled "A turning-point in malicious program development", which extends from January 2003 to May 2005.
"The rate at which VirWare (viruses and worms) and TrojWare (Trojans and spyware) programs were added to anti-virus databases indicates that cyber-criminals are changing their tactics. Instead of organising large-scale virus outbreaks, cyber-criminals are mailing spam containing Trojans and backdoors that are not capable of propagating on their own," says Mashevsky.
"The trend is due to economic expediency: developing such programs is incomparably cheaper and easier than creating fully-fledged network worms, while the same Trojan can be easily hidden from the watchful eye of anti-virus programs by using a multitude of different compression utilities."
Local virus commentators agree. "It is a lot easier to develop a simple Trojan backdoor than a large-scale outbreak worm," says Justin Stanford, CEO of anti-virus vendor NOD32. "These worms are also circumstantially reliant; in other words, they need a new hole to be discovered in something like Windows which can be exploited for the worm to work.
"Spam uses a numbers game which makes it easier to hit targets. For example, you send 1 billion e-mails of which maybe 10 million will reach genuine recipients, of which maybe 5 million may actually read the e-mail, of which 3 million might actually infect themselves as a result."
However, the power of a good worm making use of an unpatched security flaw in an operating system should not be underestimated, as this type of attack is still the most devastating, he adds.
Myroff doesn't believe economic reasons dictate how the virus writer or "criminal" distributes the payload. Rather, it is the method that is most effective that is important for these people, he says.
No need for hype
Mashevsky's report also illustrated an explosive growth in adware programs, and Kaspersky Lab detections show a surge in the growth of new malicious threats for platforms other than Microsoft Windows.
However, Myroff says, threats have always existed for "other" platforms, albeit not as many or as prevalent.
"Increases in these threats and the visibility thereof are increasing as these 'alternative' platforms become more popular, but we do not believe there is a need to create panic or hype around this, just ensure you have composite, integrated protection."

