Bugbear worm top scoundrel for October


The Bugbear worm dislodged Klez as the top piece of malicious code for October, ending Klez's seven-month stay atop the monthly virus lists of leading antivirus vendors and research firms.

Feedback on this story? Send your comments to News Writer Edward Hurley

Bugbear surfaced late in September and steadily traveled on networks through the first week of October. Bugbear is also called Tanat, Tanatos, WORM_NATOSTA.A and W32/Bugbear@MM.

"There was a brief period during the month when Bugbear accounted for nearly 60% of all total infection reports," said Steven Sundermeier, product manager at Medina, Ohio-based Central Command, Inc.

Bugbear's author copied much of Klez's functionality. For example, Bugbear takes advantage of a MIME and an IFRAME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express and Internet Explorer. As a result, the attached worm can execute without the recipient clicking on the attachment.

But unlike Klez, Bugbear dropped a key-logging program into infected systems. The program can harvest passwords, user names, credit card numbers and other sensitive information. The worm also opens a back door on port 36794, which can allow the worm's writer or others to steal that information.


Below are the monthly virus numbers from different antivirus vendors:

Kaspersky Labs' top 20 viruses for the month of October:
1. I-Worm.Tanatos 44.9%
2. I-Worm.Lentin 21.6%
3. I-Worm.Klez 14.0%
4. Macro.Word97.Thus 3.1%
5. I-Worm.Hybris 1.1%
6. I-Worm.Magistr 1.0%
7. Macro.Win97.Marker 1.0%
8. I-Worm.Sircam 0.7%
9. Macro.Word97.Flop 0.7%
10. Macro.Word97.Ethan 0.5%
11. Macro.Word97.TheSecond 0.5%
12. Macro.Word97.Onex 0.4%
13. Macro.Word97.Story 0.3%
14. I-Worm.Cervivec 0.3%
15. Joke.Win32.Train 0.3%
16. Backdoor.Death 0.3%
17. Macro.Word97.Dig 0.3%
18. Macro.Word97.Melissa 0.3%
19. Trojan.PSW.Gip.113 0.2%
20. Trojan.Win32.Erase2002 0.2%

Sophos' top ten viruses for the month:
1. W32/Bugbear-A 77.6%
2. W32/Klez-H 6.2%
3. W32/Opaserv-A 2.5%
4. W32/Yaha-E 1.1%
5. W32/Badtrans-B 0.8%
6. W32/Nimda-D 0.7%
W32/Opaserv-C 0.7%
W32/Opaserv-D 0.7%
W32/ElKern-C 0.6%
10. W32/Opaserv-B 0.5%
Others 8.6%

Central Command's top 12 viruses and worms for the month:
1. Worm/Klez.E (incl. G variant) 23.4%
2. Worm/BugBear 20.9%
3. W32/Yaha.E 11.5%
4. W32/Elkern.C 8.2%
5. Worm/W32.Sircam 6.0%
6. W32/Nimda 4.4%
7. W32/Magistr.B 3.8%
8. W95/CIH 3.1%
9. W95/Hybris 2.9%
10. W32/Funlove 1.4%
11. W32/Magistr.A 1.2%
12. Worm/Opasoft 0.7%
Others 12.5%