
March virus review by Doctor Web, Ltd.

April 1, 2007

Virus Monitoring Service of Doctor Web, Ltd. reports on virus events in March 2007.

On the whole, March 2007 turned out to be fairly quiet. Yet it had a surprise in store. Quiet like this is often expected to be followed by a storm: in practice, all epidemics arise spontaneously. The competition between the mail worms Win32.Dref (known as Storm Worm) and Win32.HLLM.Limar (also Email-Worm.Win32.Warezov or Win32/Stration), which seemed to have reached its climax in February 2007, slowed down in March. The creators of Win32.HLLM.Limar made two attempts to mass-spread the worm, but both times their efforts were local in character and didn't result in epidemics. The Win32.Dref writers followed their usual approach, releasing frequent updates of program modules with polymorphic packers.

In the middle of March there was an outbreak of several worms of Chinese origin: the notorious Win32.HLLW.Whboy, Win32.HLLW.Gavir and Win32.HLLW.Hang, and some new ones, such as Win32.HLLW.Bush and Win32.HLLM.Cobas. In addition, Win32.HLLM.Graz kept being modified all month long.

As for the surprise mentioned above, it turned out to be a remarkable mass spread of a newly appeared script virus classified by Dr.Web as VBS.Igidak. Both the Virus Monitoring Service of Doctor Web, Ltd. and the Technical Support Team received numerous reports of virus events caused by VBS.Igidak. Strange as it might seem, in most cases the source of infection turned out to be flash drives. With web worms, mail worms and Trojans competing for the title of the main driver of infection spread, this new source of infection cannot but puzzle. Yet, as the statistics show, this epidemic was too short to cause unrest:

In addition, the malware classified by Dr.Web as Trojan.Plastix spread again. It was first registered at the end of 2005, when it was distributed as a universal generator of add-funds codes for mobile operators. Those who didn't hesitate to take up such a "useful" program were disappointed pretty soon: numerous changes in the system's log effectively disabled their computers by blocking both the log and Windows options, deleting all the labels from the screen, etc. When Windows started, a warning appeared on the screen claiming that the computer was infected and that its recovery required transferring a fee to a certain e-mail account. Such cyber blackmail is not a frequent thing on the web. The latest wave of it was registered in January 2007 along with the spread of Trojan.Encoder.6. Yet every time it regains strength it results in local epidemics. Users should be well aware that money transfers are out of the question in situations like these. Furthermore, they should be more careful when it comes to downloading unknown programs. A check for viruses is strongly recommended before any such download. And if your PC still didn't escape Trojan.Plastix, you are welcome to contact the Technical Support Team of Doctor Web, Ltd. to recover your computer.

Virus statistics by Doctor Web, Ltd. in March, 2007

7129 entries were added to the Dr.Web virus database in March, 2007. Find below a short summary table of on-line monthly virus scan at

| Virus name | Quantity |
|---|---|
| Win32.HLLM.Limar | 274 |
| Trojan.Virtumod | 210 |
| Trojan.Peflog.31 | 199 |
| Trojan.Packed.69 | 149 |
| Trojan.Peflog.30 | 141 |
| VBS.Psyme.239 | 138 |
| Win32.HLLM.Wukill | 125 |
| Trojan.Peflog.52 | 104 |
| Trojan.PWS.GoldSpy | 74 |
| Trojan.Spambot | 67 |

Virus detection in March, 2007 at mail servers and in networks protected by Dr.Web Anti-virus:

| Virus name | % of the overall quantity |
|---|---|
| Win32.HLLP.Sector | 18.23 |
| Win32.HLLM.Beagle | 13.32 |
| Win32.HLLM.Netsky.35328 | 11.76 |
| Win32.HLLM.Perf | 10.49 |
| Win32.HLLM.MyDoom.based | 6.96 |
| Trojan.Bankfraud.272 | 6.46 |
| Win32.HLLM.Netsky.based | 5.93 |
| Win32.HLLM.MyDoom.49 | 5.61 |
| Win32.HLLM.MyDoom.33808 | 2.69 |
| Win32.HLLM.Graz | 2.01 |
| Win32.HLLM.Limar.based | 1.55 |
| Win32.HLLM.Limar | 1.21 |
| Trojan.Spambot | 0.84 |
| Win32.HLLM.Netsky | 0.80 |
| Exploit.IframeBO | 0.79 |
| Exploit.MS05-053 | 0.56 |
| Win32.Grum | 0.49 |
| Program.RemoteAdmin | 0.49 |
| Win32.HLLM.MyDoom | 0.45 |
| Exploit.IFrame | 0.44 |
| Other malware | 8.82 |
