Was September the end of the virus calm?

The industry wants to know: Will Bugbear signal the start of increased worm activity through the end of the year? Klez still leads the virus lists of most firms, but that stay at the top may be short-lived.

September may be the calm month before the storm for worm activity.

It was slow going until the final day when the Bugbear worm arrived. Bugbear will likely be one of the biggest in October, and perhaps for the year.

Feedback on this story? Send your comments to News Writer Edward Hurley

The Klez worm was still the top piece of malicious code in September, easily beating newer threats. The Slapper worm that appeared mid-month was dwarfed by the Frethem and Yaha worms and old stalwarts like Nimda and Badtrans. Slapper exploited a vulnerability in OpenSSL running on Linux Apache Web servers.

Nimda has slowed down to 1,076 hits per hour during the third quarter, compared to more than 3,500 per hour in the first quarter. Hybrid threats, malicious code that can spread multiple ways, increased 29.46% during the same time period, according to Atlanta-based Internet Security Systems' quarterly list of Internet risks.

During that same time period, new vulnerabilities grew at 8.57%, said the report, which was released last week.

ISS also observed a 65% increase in vulnerabilities in the third quarter of 2002 compared to that period in 2001. The third quarter last year had 383 vulnerabilities, while the same period this year had 583 reported vulnerabilities.

The company also found there were 16,342,620 security events during the third quarter. There were 21,982,672 in the second quarter. Actual security "incidents," however, were about the same with 1,482 in the second quarter and 1,385 during the last quarter. A security incident is defined as an actual attack or a security event with an unusual level of risk.

Incidentally, ISS found the biggest day for security incidents was Tuesday. Here is how the other days of the week stacked up.

  • Sunday: 118,048
  • Monday: 182,567
  • Tuesday: 297,379
  • Wednesday: 232,505
  • Thursday: 191,618
  • Friday: 280,364
  • Saturday: 135,708

Here is the listing of top viruses and worms for September as compiled by some antivirus software vendors:

Sophos' most frequent viruses and worms for September.
1. W32/Klez-H (Klez variant) 20.4%
2. JS/Except-Fam (Except Trojan) 15.5%
3. JS/NoClose (NoClose Trojan) 7.5%
4. W32/Duni-A (Duni) 4.9%
5. W32/Frethem-Fam (Frethem) 4.2%
6. W32/ElKern-C (ElKern variant) 4.0%
7. W32/Yaha-E (Yaha variant) 3.5%
8. W32/Nimda-D (Nimda variant) 2.9%
9. W32/Nimda-A (Nimda) 2.2%
10. W32/Badtrans-B (Badtrans variant) 1.8%
Others 33.1%

The top 20 viruses for September as compiled by Kaspersky Labs.
1. I-Worm.Klez 72.93%
2. I-Worm.Lentin 23.62%
3. Win95.CIH 0.27%
4. Trojan.Win32.Filecoder 0.17%
5. Macro.Word97.Thus 0.13%
6. I-Worm.Sircam 0.13%
7. I-Worm.Magistr 0.11%
8. Macro.Word97.Flop 0.04%
9. I-Worm.Cervivec 0.04%
10. I-Worm.Hybris 0.03%
11. Backdoor.Death 0.03%
12. Macro.Word97.Ethan 0.03%
13. Win32.FunLove 0.02%
14. Macro.Win97.Marker 0.02%
15. Macro.Word97.TheSecond 0.02%
16. Trojan.PSW.M2 0.01%
17. Backdoor.Antilam 0.01%
18. Worm.Linux.Slapper 0.01%
19. Palm.Phage 0.01%
20. Nuker.Win32.Nabber 0.01%

The following is Command Central's Dirty Dozen of worms and viruses for the month.
1. Worm/Klez.E (incl. G variant) 29.3%
2. Worm/Yaha.E 16.8%
3. W32/Elkern.C 10.8%
4. Worm/W32.Sircam 10.4%
5. W32/Nimda 4.7%
6. W32/Magistr.B 4.4%
7. W95/Hybris 3.0%
8. Worm/Badtrans.B 2.3%
9. W32/Funlove 1.8%
10. W32/Magistr.A 1.0%
11. Worm/Tanatos 0.5%
12. VBS/Redlof.A 0.5%
Others 14.5%
