September may be the calm month before the storm for worm activity.
It was slow going until the final day when the Bugbear worm arrived. Bugbear will likely be one of the biggest in October, and perhaps for the year.
The Klez worm was still the top piece of malicious code in September, easily beating newer threats. The Slapper worm that appeared mid-month was dwarfed by the Frethem and Yaha worms and old stalwarts like Nimda and Badtrans. Slapper exploited a vulnerability in OpenSSL running on Linux Apache Web servers.
Nimda has slowed down to 1,076 hits per hour during the third quarter, compared to more than 3,500 per hour in the first quarter. Hybrid threats, malicious code that can spread multiple ways, increased 29.46% during the same time period, according to Atlanta-based Internet Security Systems' quarterly list of Internet risks.
During that same time period, new vulnerabilities grew at 8.57%, said the report, which was released last week.
ISS also observed a 65% increase in vulnerabilities from the third quarter of 2002 compared to that period in 2001. Third quarter last year had 383 vulnerabilities while the same period this year had 583 reported vulnerabilities.
The company also found there were 16,342,620 security events during the third quarter. There were 21,982,672 in the second quarter. Actual security "incidents," however, were about the same with 1,482 in the second quarter and 1,385 during the last quarter. A security incident is defined as an actual attack or a security event with an unusual level of risk.
Incidentally, ISS found most the biggest day for security incidents was Tuesday. Here are how the other days of the week stacked up.
- Sunday: 118,048
- Monday: 182,567
- Tuesday: 297,379
- Wednesday: 232,505
- Thursday: 191,618
- Friday: 280,364
- Saturday: 135,708
Here are the listing of topic viruses and worms for September as compiled by some antivirus software vendors:Sophos' most frequent viruses and worms for Septmeber.
1. W32/Klez-H (Klez variant) 20.4%
2. JS/Except-Fam (Except Trojan) 15.5%
3. JS/NoClose (NoClose Trojan) 7.5%
4. W32/Duni-A (Duni) 4.9%
5. W32/Frethem-Fam (Frethem) 4.2%
6. W32/ElKern-C (ElKern variant) 4.0%
7. W32/Yaha-E (Yaha variant) 3.5%
8. W32/Nimda-D (Nimda variant) 2.9%
9. W32/Nimda-A (Nimda) 2.2%
10. W32/Badtrans-B (Badtrans variant) 1.8%
The top 20 viruses for September as compiled by Kaspersky Labs.
1. I-Worm.Klez 72.93%
2. I-Worm.Lentin 23.62%
3. Win95.CIH 0.27%
4. Trojan.Win32.Filecoder 0.17%
5. Macro.Word97.Thus 0.13%
6. I-Worm.Sircam 0.13%
7. I-Worm.Magistr 0.11%
8. Macro.Word97.Flop 0.04%
9. I-Worm.Cervivec 0.04%
10. I-Worm.Hybris 0.03%
11. Backdoor.Death 0.03%
12. Macro.Word97.Ethan 0.03%
13. Win32.FunLove 0.02%
14. Macro.Win97.Marker 0.02%
15. Macro.Word97.TheSecond 0.02%
16. Trojan.PSW.M2 0.01%
17. Backdoor.Antilam 0.01%
18. Worm.Linux.Slapper 0.01%
19. Palm.Phage 0.01%
20. Nuker.Win32.Nabber 0.01%
The following is Command Central's Dirty Dozen of worms and viruses for the month.
1. Worm/Klez.E (incl. G variant) 29.3%
2. Worm/Yaha.E 16.8%
3. W32/Elkern.C 10.8%
4. Worm/W32.Sircam 10.4%
5. W32/Nimda 4.7%
6. W32/Magistr.B 4.4%
7. W95/Hybris 3.0%
8. Worm/Badtrans.B 2.3%
9. W32/Funlove 1.8%
10. W32/Magistr.A 1.0%
11. Worm/Tanatos 0.5%
12. VBS/Redlof.A 0.5%