Klez leads monthly malicious code list

April was a hectic month for malicious code, especially for users infected by the Klez worm.

Feedback on this story? Send your comments to Assistant News Editor Edward Hurley

Klez variants accounted for nearly 80% of virus activity according to antivirus software vendors, with one, Panda Software, estimating that 7.2% of all machines are infected with the worm. The worm is the biggest infestation so far this year.

"Klez-H was the hard hitter. Some commentators went so far as to call this the biggest worm in the world ever," said Chris Wraight, technology consultant at Sophos Americas. "In reality, the success of Klez-H is damning evidence that computer users are failing to keep their anti-virus software up-to-date."

The Klez variants contained some features that make them hard to detect, such as the ability to generate random subject lines and file names, which keeps users from watching for one particular subject line. Additionally, the worm exploits a flaw in Microsoft Outlook that lets it execute when the message is merely opened or viewed through the preview pane. Klez variants also targeted antivirus software, which could also account for their progress, the experts said.

Klez also searched infected machines for e-mail addresses in everything from documents to cached Web pages. The worm uses its own SMTP engine and those addresses to spread. Some antivirus experts attribute the volume of the worm to its ability to send out large numbers of messages from one infected machine.

"Worm/Klez.G was definitely the problem child this month," said Steven Sundermeier, product manager at Central Command, Inc. "Additionally, confirmed infection reports for April were 6% higher than that of February and March combined."

Below are the monthly virus numbers from different antivirus vendors:

Sophos' top list of viruses
1. W32/Klez-G (Klez variants G & H) 77.8%
2. W32/Klez-E (Klez variant) 5.8%
3. W32/Badtrans-B (Badtrans variant) 4.7%
4. W32/Elkern-C (Elkern variant) 0.9%
5. W32/Magistr-B (Magistr variant) 0.8%
6. W32/Klez (Klez) 0.7%
6. W32/MyLife-F (MyLife variant) 0.7%
8. W32/Magistr-A (Magistr variant) 0.5%
8. W32/Sircam-A (Sircam variant) 0.5%
8. W32/Nimda-D (Nimda variant) 0.5%
Others: 7.1%

Central Command's most prevalent viruses list
1. Worm/Klez.E (includes G variant) 79.2%
2. W32/Elkern.C 11.8%
3. Worm/W32.Sircam 2.3%
4. W32/Nimda 1.3%
5. Worm/Badtrans.B 1.1%
6. W32/Magistr.B 1.0%
7. W95/Hybris 0.6%
8. Worm/MyLife.J 0.5%
9. W32/Magistr.A 0.4%
10. Worm/MyLife.F 0.3%
11. W95/MTX 0.3%
12. Worm/Gibe 0.2%
Others 1.0%

Symantec's top five virus threats
W32.Badtrans.B@mm
W32.Klez.gen@mm
W32.Nimda.A@mm
W32.Sircam.Worm@mm
W95.Hybris.Gen
