Hardy perennials dominate virus chart

Darling botnets of May

May's virus charts were a throwback to the end of 2005, with old favourites such as Netsky, Bagle, and Sober once again dominating run-downs of the worst malware menaces.

Netsky-T and Netsky-Q, which occupy first and second places in Kaspersky's chart, have been among the leaders for some time. The Bagle-GT variant has been steadily growing over recent months, but the re-entry of a variant of the Sober worm (Sober-AA) in the fourth berth of the chart came as a surprise to the Russian anti-virus specialists. The first samples of this worm were intercepted on 7 April 2007, long after the release of the previous version, Sober-Z, in November 2005.

Sober-Z was one of the most widespread worms of its time and rumours suggested the German police were about to arrest a suspect for the botnet-friendly malware. Nothing of the kind happened and the world was allowed to forget Sober for over a year. It's unclear whether the new worm is the work of the original virus author - who's been lying low for a while - or someone else, who's obtained access to source code for the worm.

As fresh variants of dimly-remembered malware strains have begun to reassert their dominance, newer threats (such as the Warezov and Zhelatin worm families) have faded. Warezov-WS, which came second in the April Top 20, has fallen off the bottom of the table. However, a Trojan downloader which installs versions of Warezov has risen to eighth place in the charts, creating the potential for an upsurge in Warezov and related botnet activity over coming months.

Tricking users into visiting maliciously coded sites has replaced infectious email attachments as the preferred method to spread malware over recent months.

Last month, net security firm Sophos uncovered 9,500 new infected web pages daily, an increase of more than 1,000 every day compared to April. In total, Sophos identified 304,000 web pages hosting malicious content in May. ®
