Virus Monitoring Service of Doctor Web, Ltd. reports on virus events in March 2007.

In the whole, March 2007 turned out to be quiet enough. Yet, it spared a surprise. Quietness like this is often expected to be followed by a storm: in practice all epidemics arise spontaneously. Competition between mail worms Win32.Dref (known as Storm Worm) and Win32.HLLM.Limar (also Email-Worm.Win32.Warezov or Win32/Stration), which seemed to have reached its climax in February 2007 slowed down in March. Creators of Win32.HLLM.Limar made two attempts to mass spread the worm, but both times their efforts were more of a local character and didn’t result in epidemics. Win32.Dref writers have followed their usual way launching frequent updates of program modules with polymorphic packers.

In the middle of March some worms of the Chinese origin outburst – the notorious Win32.HLLW.Whboy, Win32.HLLW.Gavir, Win32.HLLW.Hang and some new ones, such as Win32.HLLW.Bush and Win32.HLLM.Cobas. Besides, Win32.HLLM.Graz kept being modified all month long.

As for the surprise mentioned above it came to be an amazing mass diffusion of a newly-born script virus classified by Dr.Web as VBS.Igidak. Both Virus Monitoring Service of Doctor Web, Ltd. and Technical Support Team were reported on numerous virus events caused by VBS.Igidak. Strange as it might seem, in most cases the source of infection turned to be flash carriers. With web worms, mail worms and Trojans to compete for the Olive-branch of infection diffusion motor this new source of vulnerability can’t but puzzle. Yet, as statistics says, this epidemics was short enough to arise unrest:

In addition, the malware classified by Dr.Web as Trojan.Plastix spread out again. It was registered in the end of 2005 for the first time, when it was disseminated as the universal add funds code generator of mobile operators. Those who didn’t hesitate to take up such a "useful" program ended in disappointment pretty soon: numerous changes in system’s log actually disabled their computers by blocking both the log and windows options, deleting all the labels from the screen etc. When starting Windows, a warning appeared on the screen claiming that the computer was infected and its recovery required transferring of a fee to a certain e-mail account. Such cyber blackmail is not a frequent thing in the web. The latest wave of it was registered in January 2007 along with Trojan.Encoder.6 diffusion. Yet, every time it recovers strength it results in local epidemics. Users should be well aware that money transactions are out of question in situations like these. And they furthermore should be more careful when it comes to downloading of unknown programs. The check for viruses is strongly recommended before any such download. And if your PC still didn’t escape Trojan.Plastix, you are welcome to contact Technical Support Team of Doctor Web, Ltd. to recover your computer.

Virus statistics by Doctor Web, Ltd. in March, 2007

Virus detection in March, 2007 at mail servers and in networks protected by Dr.Web Anti-virus: