Familiar Viruses Dominate April's Online Threats

Old-timers like the Netsky, Mytob, and Bagle worms accounted for a large portion of the malware circulating on the Internet last month.
It seems the oldies really are golden -- at least when it comes to worms and viruses.

Malicious families like Netsky, Mytob, and Bagle have been around for years, but they all made two different security companies' Top 10 Malware lists for April. After taking up seven of the top 10 malware spots in Sophos' malware list in April of 2004, the Netsky worm is back three years later grabbing the No. 1 spot on Sophos' list for this April. Netsky created even more of a stir over at Kaspersky Lab, snaring four of the top 10 positions.

"In the three years since NetSky.t appeared, its highest ranking ever was fourth place in February 2006," reported Kaspersky researchers in an online advisory. "It subsequently disappeared from the rankings, but returned to lurk close to the top of the table. And this month it has taken first place by storm, pushing aside all the new generation worms."

The Bagle worm, which first circulated on the Internet in 2004, also made both lists this month, as did other oldies like Mytob and MyDoom.

"The reappearance of these malicious programs in the Top 20 was unexpected," wrote the Kaspersky researchers. "However, the number of times these programs have previously figured in the rankings bears witness to their tenacity and the size of epidemics caused by these worms in the past."

Graham Cluley, a senior technology consultant at Sophos, noted that many of the old worms remain strong even though antivirus software has, in some cases, been able to detect them for several years. Virus writers aren't being so creative these days, he added in an interview, simply because they don't need to be.

"Malware authors used to innovate because they were teenage boys showing off to their mates. Today, the people who write the malicious code are gangsters who aren't interested in impressing anyone other than their trophy girlfriends with the size of their bank balance," said Cluley. "The cybercriminals have realized they don't have to innovate that much in order to infect enough people to make money. For this reason, e-mails offering saucy pictures of Britney Spears and Paris Hilton still successfully manage to make money, by fooling people to click on... When old techniques like these work so well, there's no need for the bad guys to innovate too much."

Cluley also noted that while these top-ranking worms and Trojans are crossing the Internet via e-mail, the growing threat is from legitimate Web sites that have been hacked into and littered with malicious code.

"What's important to bear in mind is that the hackers are increasingly using the Web rather than e-mail to attack people," he added. "On an average day, we are seeing 5,000 new Web pages containing malicious code, and e-mails are often sent out linking to these infected pages. Seventy percent of the infected Web pages are based on legitimate sites. In other words, they have been hacked into by cybercriminals in an attempt to infect the unsuspecting public."