Netsky is the unquestioned champion of the "Dirty Dozen," the 12 most pestiferous computer viruses for the month of March. Variants hold the top four positions among the top 12, with the Netsky family itself accounting for a whopping 70.5 percent of all March virus and worm occurrences, according to antivirus and security service provider Central Command.
The company issued its survey April 1 and showed that, based on the number of virus occurrences during March, Netsky.D was the unquestioned king by a wide margin, accounting for 35.9 percent of such occurrences, more than double that of second place Netsky.B (16.3 percent) and Netsky.P (11 percent), with Netsky.C a very distant fourth at 4.8 percent.
The top ranker among the other viruses doing their worst during March, Central Command said, was MyDoom.F at 2.2 percent, followed by the original MyDoom.A at 1.4. Bagle.J took seventh position at 1.2 percent, followed by two Netsky variants - K (1 percent) and Q (0.8 percent) - and then Sober.D (0.7), Netsky.A (0.7), and MyDoom.G (0.5). Other viruses and worms totaled 23.5 percent of March occurrences, the company said.
Central Command updated for 15 Netsky variants alone during March. "Throughout the month it wasn't really a question of 'if' we'll see another release, it was more of a question of 'when'," said vice president of products and services Steven Sundermeier, announcing the survey results. "I'm sure some batteries of pagers and beepers will probably need to be replaced."
The company's Vexira Antivirus was updated for 1,419 different viruses, worms, and other malicious applications during March, Sundermeier said.
Netsky's mischief isn't even close to being finished just yet. Symantec - the makers of Norton Antivirus - say a new Netsky variant, Netsky.R, which itself is said to be a variant of the Q variant, is considered a "wild" threat for now, with reported easy detection, containment, and removal, and extremely limited geographical distribution. The company said Netsky.R at this writing has caused 49 infections known to Symantec spotters.
But Symantec is also warning about a worm known as Gaobot.UL, which has also been spotted in only 49 known infections but is capable of slowing or even crashing a computer and is considered more difficult to contain and remove than the other worms.
Gaobot exploits network shares with weak passwords and lets attackers access infected machines through predetermined Internet Relay Chat channels. Gaobot tries infecting every system running on a computer at the time and, if it succeeds, it hides itself from inspection by any processes and infects any newly created processes in memory, Symantec said.