Klez leads monthly malicious code list

Edward Hurley, Assistant News Editor

April was a hectic month for malicious code, especially for users infected by the Klez worm.

Klez variants accounted for nearly 80% of virus activity according to antivirus software vendors, with one, Panda Software, estimating that 7.2% of all machines are infected with the worm. The worm is the biggest infestation so far this year.

"Klez-H was the hard hitter. Some commentators went so far as to call this the biggest worm in the world ever," said Chris Wraight, technology consultant at Sophos Americas. "In reality, the success of Klez-H is damning evidence that computer users are failing to keep their anti-virus software up-to-date."

The Klez variants contained some features that make them hard to detect, such as the ability to generate random subject lines and file names, which keeps users from watching for a particular subject line. Additionally, the worm exploits a flaw in Microsoft Outlook that would execute the worm just by opening the message or viewing it through the preview pane. Klez variants also targeted antivirus software, which could also account for the worm's progress, the experts said.

Klez also searched infected machines for e-mail addresses in everything from documents to cached Web pages. The worm uses its own SMTP engine and those addresses to spread. Some antivirus experts attribute the volume of the worm to its ability to send out large numbers of messages from one infected machine.

"Worm/Klez.G was definitely the problem child this month," said Steven Sundermeier, product manager at Central Command, Inc. "Additionally, confirmed infection reports for April were 6% higher than that of February and March combined."

Below are the monthly virus numbers from different antivirus vendors:

Sophos' top list of viruses
1. W32/Klez-G (Klez variants G & H) 77.8%
2. W32/Klez-E (Klez variant) 5.8%
3. W32/Badtrans-B (Badtrans variant) 4.7%
4. W32/Elkern-C (Elkern variant) 0.9%
5. W32/Magistr-B (Magistr variant) 0.8%
6. W32/Klez (Klez) 0.7%
6. W32/MyLife-F (MyLife variant) 0.7%
8. W32/Magistr-A (Magistr variant) 0.5%
8. W32/Sircam-A (Sircam variant) 0.5%
8. W32/Nimda-D (Nimda variant) 0.5%
Others: 7.1%

Central Command's most prevalent viruses list
1. Worm/Klez.E (includes G variant) 79.2%
2. W32/Elkern.C 11.8%
3. Worm/W32.Sircam 2.3%
4. W32/Nimda 1.3%
5. Worm/Badtrans.B 1.1%
6. W32/Magistr.B 1.0%
7. W95/Hybris 0.6%
8. Worm/MyLife.J 0.5%
9. W32/Magistr.A 0.4%
10. Worm/MyLife.F 0.3%
11. W95/MTX 0.3%
12. Worm/Gibe 0.2%
Others 1.0%

Symantec's top five virus threats
W32.Badtrans.B@mm
W32.Klez.gen@mm
W32.Nimda.A@mm
W32.Sircam.Worm@mm
W95.Hybris.Gen
