Although not in the top five virus families this month, the Stration worm has been particularly active at the end of September, with new variants constantly being distributed. Statistics from SoftScan’s own intelligent content scanner, Paranoid that detects and stops malware before traditional anti-virus scanners have updated their signature databases, shows that this spike followed a period of subdued activity, which continued on and off for a few days at the beginning of the month.

On the 25th September dispersal activity of new variants of the Stration worm intensified with Paranoid stopping twice as many messages infected with Stration within the next ten hours, than it had done over the preceding 24 days. Of the total number of messages infected with Stration that SoftScan stopped overall, Paranoid trapped 14% before signature updates were available from its third party anti-virus scanners enabling them to then deal with the threat.

“The tactic of continually releasing new variants in the hope to catch out both anti-virus scanners and users that don’t constantly keep their anti-virus signature databases up-to-date isn’t new, just an annoyance – and Stration is no exception,” says Diego d'Ambra, CTO of SoftScan. “Though some anti-virus vendors are able to issue database signatures that cover more than one variant, there is always a risk that the malware writer may hit upon a variant that isn’t covered by a blanket signature, which is why heuristic scanning is so important.”

Top 5 virus families in September were:

1. phishing: 76.10%
2. netsky: 6.57%
3. mytob: 4.48%
4. bagle: 2.77%
5. downloader: 1.87%