By Jo Best, 1 April 2004 12:50
NEWS As most users' distended inboxes will testify, March was the month of malware - with new variants of Netsky and Bagle appearing with greater regularity than the output of a small child that's overdosed on prunes.
According to statistics on most-reported malware from antivirus company Sophos, nine out of 10 of the worst pieces of malware in March were new arrivals and all of them were either Netsky or Bagle varients.
Only old-timer and SCO foe MyDoom.A hung on from last month's chart.
The two malware merchants behind the uber-virus duet have been at each other's throats, trading insults hidden in their code. The crown goes to Netsky, though, who has five in the top ten and takes the top spot. It's been a close race, however, and the virus chart even sees the duo tie for fourth place.
Graham Cluley, Sophos' senior technology consultant, said that he doesn't expect an end to the duel in the near future. "There's no sign yet that we've seen the last of Bagle and Netsky It's quite depressing to come back from holiday to find more variants of the Bagle and Netsky worms have continued to be released," he said.
March's virus chart in full:
1. Netsky.D 30.2 per cent
2. Netsky.B 12.3 per cent
3. Netsky.C 11.7 per cent
4= Bagle.C 3.5 per cent
4= Netsky.J 3.5 per cent
5. Bagle.E 3.4 per cent
6. Netsky.P 2.1 per cent
7. Bagle.H 1.5 per cent
8. Bagle.J 1.4 per cent
9. MyDoom.A 0.9 per cent
Others 29.5 per cent
Comments
There are 4 comments. Join the discussion
1. Colin Hinkley
I don't claim to undertstand what really motivates a virus writer but I would have thought that attention seeking was at least part of it. In publishing a chart like this, aren't you just encouraging them?
2. anonymous
Given that most virus writers are only in it to score points off their peers and claim their 15 minutes of fame, are we really helping matters by highlighting the competition in the same way as we used to do with the music charts (when sales of singles really were a reflection of popularity)? Surely this just glamourises the whole sordid practice and encourages others to join in?
3. Lionel A Smith
I am not at all surprised that variants of Netsky are prominent here.
Having grown used to mallware arriving purporting to come from Microsoft I was waiting for a shift to symantec.
Sure enough I received last Sunday an e-mail purporting to come from support@symantec.com titled, 'Re: Virus Sample' with the following in the text body,:
'The sample file you sent contains a new virus version of mydoom.j.
Please clean your system with the attached signature.'
Having downloaded the email onto a system running an OS other than Windows where it could do no harm, I dropped the attached datafile_[myemail].zip onto a floppy and put that disk into a PC and scanned with AV. Netsky.P was found.
Now most silicon.com regulars would be as suspcious as I and take appropriate action. The point is how many 'joe publics' using Norton AV will be taken in by this?
Enough to continue its propogation for certain.
4. John Lode
I agree with your other correspondent who states that publishing details such as this only encourages virus writers. It seems that you also treat this serious nuisance as a game in which there are league tables and refer to it as if this is a fun pastime. It is anything but; virus writers are criminals who deliberately attempt to disrupt and destry. I know of one company who, under pressure, folded after the last sever flood of virus-laden mails hit them. This action resulted in 30 people losing their jobs and income.
Therefore I rankle when I read 'league tables' of virus types. Let's have some more emphasis on investigation of the perpetrators. Perhaps some instances of public lynch mobs attacking them. Then you will have something 'fun' to report.