Bugbear, Klez continue to threaten Internet

Edward Hurley, News Writer

The Bugbear and Klez worms continued to spread via the Internet and network shares in November, fending off newcomer Braid worm as the top threats of the month, according to several antivirus software vendors.


    Requires Free Membership to View

'Braid' worm drops FunLove virus

Guard against Bugbear using these tips

New Klez variant can do some damage

Past virus roundups
Feedback on this story? Send your comments to News Writer Edward Hurley

Bugbear burst on the virus scene in October to become the biggest viral threat of the second half of the year. The worm opens a backdoor in infected systems and installs a keystroke-logging program. The program can harvest passwords and other sensitive information with this program. Bugbear also attacks antivirus and firewall software.

The Braid (or Bride) worm surfaced in November. The worm is a mass-mailer that injects the FunLove virus when infecting a system. FunLove, however, hampered Braid's progress because the presence of FunLove alerts antivirus software. Braid exploits the same MIME header vulnerability as Klez and Bugbear, that allows it to execute without recipients needing to double-click the attachment.

Klez is still king for the year. Variants of the worm have been spreading since April. It has succeeded for a number of reasons. It generates random subject lines and file names, keeping users from looking for a particular subject line. The worm also searches infected machines for e-mail addresses in everything from documents to cached Web pages. It then sends out copies of itself using its own SMTP engine. One infected machine can literally pump out hundreds of infected messages.

Here are the top threats as reported by antivirus vendors:

Sophos' top 10 list of viruses and worms.
1. W32/Bugbear-A 29.4%
2. W32/Braid-A 8.5%
3. W32/Klez-H 7.7%
4. W32/Opaserv-A 5.4%
5. W32/Opaserv-C 5.1%
6. W32/Flcss 4.6%
7. W95/Spaces 3.3%
8. W32/Opaserv-F 2.5%
9. W32/Opaserv-B 2.1%
10. W32/Opaserv-D 2.0%
Others 29.4%

Panda Software's top 10 list for November.
1.W32/Klez.I 20.07%
2.W32/Bugbear 10.77%
3.Trj/PSW.Bugbear 6.35%
4.W32/Opaserv.E 6.09%
5.W32/Bride 5.62%
6.W32/Elkern. C 5.62%
7.W32/Funlove.4096 5.42%
8.W32/Opaserv.H 4.95%
9.W32/Nimda 4.63%
10.W32/Opaserv 4.54%

MessageLabs' list of intercepted viruses and worms for the month.
W32/Klez.H-mm 467192
W32/Yaha.E-mm 120177
W32/BugBear-mm 80593 [Also known as BugBear]
EML/Greeting-Card.E 45182 []
W32/Braid.A-mm 19584 [README.EXE]
W32/SirCam.A-mm 16393
EML/Greeting-Card.J 7911 [Uses IP address instead of domain name]
W32/Yaha.C-mm 7604
W32/Magistr.B-mm 4752
W32/Klez.E-mm 4511 [PIF sending version]

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: