May saw a variety of incidents, F-Secure issued a Radar Level 2 warning about W32/Kickin.A@mm on the 7th. It sends emails to addresses it finds in the Windows address book, HTML files, and XML files. The emails have a variety of content, including personal, sexual, the Iraq war and SARS.
W32/Fizzer@mm appeared on 8th May, F-Secure initially issued a Radar Level 2 warning, but upgraded that to Radar Level 1 on the 13th. MessageLabs currently has it rated as High Risk from its statistics. Fizzer can spread on KaZaA peer-to-peer networks, and by emailing itself to addresses from the Windows and Outlook address books and random addresses at some major webmail domains. It includes an IRC backdoor Trojan.
W32.Sobig.B@mm appeared on the 18th, but various anti-virus developers named it W32/Palyh@mm or W32.HLLW.Mankx@mm. F-Secure upgraded their Radar Level 2 alert to Level 1 on the 19th, and MessageLabs currently rates it as High Risk. That is likely to change as it is programmed to stop spreading on 31st May. Sobig.B arrives in an email that appears to come from support@microsoft.com.
On the 29th, F-Secure issued a Radar Level 2 alert for W32/Holar.h@mm. It spreads over email and KaZaA peer-to-peer networks. It also has a destructive payload, after 30 reboots, the virus attempts to delete all files on drive C:.