The Bugbear and Klez worms continued to spread via the Internet and network shares in November, fending off the newcomer Braid worm to remain the top threats of the month, according to several antivirus software vendors.
Bugbear burst on the virus scene in October to become the biggest viral threat of the second half of the year. The worm opens a backdoor in infected systems and installs a keystroke-logging program, which can harvest passwords and other sensitive information. Bugbear also attacks antivirus and firewall software.
The Braid (or Bride) worm surfaced in November. The worm is a mass-mailer that injects the FunLove virus when infecting a system. FunLove, however, hampered Braid's progress because the presence of FunLove alerts antivirus software. Braid exploits the same MIME header vulnerability as Klez and Bugbear, which allows it to execute without recipients needing to double-click the attachment.
Klez is still king for the year. Variants of the worm have been spreading since April. It has succeeded for a number of reasons. It generates random subject lines and file names, keeping users from looking for a particular subject line. The worm also searches infected machines for e-mail addresses in everything from documents to cached Web pages. It then sends out copies of itself using its own SMTP engine. One infected machine can literally pump out hundreds of infected messages.
Here are the top threats as reported by antivirus vendors:
Sophos' top 10 list of viruses and worms.
1. W32/Bugbear-A 29.4%
2. W32/Braid-A 8.5%
3. W32/Klez-H 7.7%
4. W32/Opaserv-A 5.4%
5. W32/Opaserv-C 5.1%
6. W32/Flcss 4.6%
7. W95/Spaces 3.3%
8. W32/Opaserv-F 2.5%
9. W32/Opaserv-B 2.1%
10. W32/Opaserv-D 2.0%
Others 29.4%
Panda Software's top 10 list for November.
1. W32/Klez.I 20.07%
2. W32/Bugbear 10.77%
3. Trj/PSW.Bugbear 6.35%
4. W32/Opaserv.E 6.09%
5. W32/Bride 5.62%
6. W32/Elkern.C 5.62%
7. W32/Funlove.4096 5.42%
8. W32/Opaserv.H 4.95%
9. W32/Nimda 4.63%
10. W32/Opaserv 4.54%
MessageLabs' list of intercepted viruses and worms for the month.
W32/Klez.H-mm 467192
W32/Yaha.E-mm 120177
W32/BugBear-mm 80593 [Also known as BugBear]
EML/Greeting-Card.E 45182 [www.friend-greeting.com]
W32/Braid.A-mm 19584 [README.EXE]
W32/SirCam.A-mm 16393
EML/Greeting-Card.J 7911 [Uses IP address instead of domain name]
W32/Yaha.C-mm 7604
W32/Magistr.B-mm 4752
W32/Klez.E-mm 4511 [PIF sending version]