December 2005 was a month of great instability in terms of virus threats, in sharp contrast to the stability shown by the leaders of the Virus Top Twenty in November last year, Kaspersky Lab says in a statement.
The Russian anti-virus vendor notes that there were significant changes in the top six positions, with yet another set of worms topping the ratings.
"Against all expectations, the leader was not a worm from the Mytob or Doombot families, but Zafi.d, which has been in circulation for over a year and a half. Zafi.d made up almost 30% of all malicious programmes intercepted this month (December), a very impressive figure."
The leader for the past few months in 2005, Mytob.c, dropped into second place (17.3% of all malicious programmes), although the number of samples detected remained almost at its previous level.
In November, Sober.y was the malicious program which received the most publicity, Kaspersky Lab says, adding that its statistics show that this worm occupied 13th place during that month.
"This was due to the fact that in spite of causing an epidemic, the worm sent itself to e-mail addresses in Western Europe, leaving Russia largely untouched. However, the epidemic was so large that at some stage it was bound to reach Russia, and in December this came to pass.
"Sober.y rose by nine places to reach fourth place. Sometime around the middle of December, it stopped sending itself out and retreated into hibernation. However, some data shows that it will come out of hibernation on 5 January, during the night, when it will attempt to download a new version of itself to computers which it had previously infected."
Kaspersky claims that the author of Sober may also use the new version of the worm to mass mail millions of emails containing right wing/Nazi propaganda.
"To sum up, the top five includes two worms from the Zafi family, one Mytob, one Sober and one LovGate. Apart from Mytob.c, there`s no sign of Mytob`s previous domination among the leaders. In spite of the fact that 10 Mytob variants remain in the Top Twenty, it seems likely that soon they will be edged out by the new worms which will start to appear in 2006.
"Thirteenth place in our Top Twenty is highly-significant, as it`s occupied not by a worm, not by a virus, but by an e-mail. Trojan-Spy.HTML.Bayfraud.hn is one of the many hundreds of phishing e-mails which were sent to eBay users in December 2005. A figure of 1.36% of all virus traffic is very respectable, and shows that phishing is not going to disappear from the cyber threat horizon, but is continuing to evolve, and will remain a major security problem in 2006."
Share
