The most common worm or virus found in May was, to quote Yogi Berra, "deja vu all over again."
Yet again, variants of the Klez worm topped the monthly malicious code lists released by leading antivirus software vendors. The second most common virus/worm was the Elkern virus, which was carried by Klez. Klez accounted for more than 50% of virus activity while Elkern accounted for more than 20%.
Central Command's list of most common malicious code includes a new worm, Worm/Kazaa. This critter spreads via the Kazaa file-sharing network and drops more than a gigabyte of files onto hard drives it infects. The files contain names associated with movie titles, song titles or TV shows.
Given Klez's particularly pesky nature, it's not surprising that Klez was on top again in May, said Steven Sundermeier, product manager at Central Command, Inc. "With its powerful social engineering, address spoofing, and network-spreading capacity, Worm/Klez.G became the king of all viruses, in terms of its prolificacy, early this month," he said.
Yet Klez will likely fall down in the list as users think to update their virus definitions, said Chris Wraight, technology consultant at Sophos. "Putting a halt to the spread of Klez-H is as simple as updating your antivirus software and following safe computing practices," he said.
It seems users are heeding such advice. Klez variants accounted for about 80% of virus activity in April, about a third more than last month. So far, this year seems quiet for viruses, Wraight said. "But there is always a virus writer waiting in the wings," he added.
Below are the monthly virus numbers from different antivirus vendors:
Sophos' top list of viruses
1. W32/Klez-G (Klez variants G & H) 52.9%
2. W32/Elkern-C (Elkern variant) 23.7%
3. W32/Badtrans-B (Badtrans variant) 3.5%
4. W32/Magistr-B(Magistr variant) 2.1%
5. W32/Klez-E (Klez variant) 1.8%
6. W32/Magistr-A (Magistr) 1.3%
7. W32/Nimda-A (Nimda) 0.7%
7. W32/Nimda-D (Nimda variant) 0.7%
9. W32/Sircam-A (Sircam) 0.6%
10. W32/Flcss (FunLove) 0.5%
Command Central's most prevalent viruses list
1. Worm/Klez.E (includes G variant) 52.5%
2. W32/Elkern.C 31.8%
3. W32/Nimda 4.4%
4. W32/Magistr.B 3.0%
5. Worm/W32.Sircam 2.9%
6. Worm/Badtrans.B 2.1%
7. W95/Hybris 0.9%
8. W32/Magistr.A 0.5%
9. Worm/Kazaa 0.4%
10. W95/MTX 0.3%
11. W95/CIH.A 0.1%
12. W32/Gokar 0.1%
Symantec's top five virus threats