April was a hectic month for malicious code, especially for users infected by the Klez worm.
Klez variants accounted for nearly 80% of virus activity according to antivirus software vendors, with one, Panda Software, estimating that 7.2% of all machines are infected with the worm. The worm is the biggest infestation so far this year.
"Klez-H was the hard hitter. Some commentators went so far as to call this the biggest worm in the world ever," said Chris Wraight, technology consultant at Sophos Americas. "In reality, the success of Klez-H is damning evidence that computer users are failing to keep their anti-virus software up-to-date."
The Klez variants contained some features that make it hard to detect, like its ability to generate random subject lines and file names, keeping users from looking for a particular subject line. Additionally, the worm exploits a flaw in Microsoft Outlook that would execute the worm just by opening the message or viewing it through the preview pane. Klez variants also targeted antivirus software, which could also account for its progress, the experts said.
Klez also searched infected machines for e-mail addresses in everything from documents to cached Web pages. The worm uses its own SMTP engine and those addresses to spread. Some antivirus experts account the volume of the worm to its ability to send out large amounts of messages from one infected machine.
"Worm/Klez.G was definitely the problem child this month", said Steven Sundermeier, product manager at Central Command, Inc. "Additionally, confirmed infection reports for April were 6% higher than that of February and March combined."
Below are the monthly virus numbers from different antivirus vendors:
Sophos' top list of viruses
1. W32/Klez-G (Klez variants G & H) 77.8%
2. W32/Klez-E (Klez variant) 5.8%
3. W32/Badtrans-B (Badtrans variant) 4.7%
4. W32/Elkern-C (Elkern variant) 0.9%
5. W32/Magistr-B (Magistr variant) 0.8%
6. W32/Klez (Klez) 0.7%
6. W32/MyLife-F (MyLife variant) 0.7%
8. W32/Magistr-A (Magistr variant) 0.5%
8. W32/Sircam-A (Sircam variant) 0.5%
8. W32/Nimda-D (Nimda variant) 0.5%
Command Central's most prevalent viruses list
1. Worm/Klez.E (includes G variant) 79.2%
2. W32/Elkern.C 11.8%
3. Worm/W32.Sircam 2.3%
4. W32/Nimda 1.3%
5. Worm/Badtrans.B 1.1%
6. W32/Magistr.B 1.0%
7. W95/Hybris 0.6%
8. Worm/MyLife.J 0.5%
9. W32/Magistr.A 0.4%
10. Worm/MyLife.F 0.3%
11. W95/MTX 0.3%
12. Worm/Gibe 0.2%
Symantec's top five virus threats