Bugbear, Klez continue to threaten Internet

Leading antivirus software vendors say the Bugbear and Klez worms continue to spread on the Internet and network shares, and were the leading threats for November.

This Content Component encountered an error

The Bugbear and Klez worms continued to spread via the Internet and network shares in November, fending off newcomer Braid worm as the top threats of the month, according to several antivirus software vendors.

FOR MORE INFORMATION:
'Braid' worm drops FunLove virus

Guard against Bugbear using these tips

New Klez variant can do some damage


Past virus roundups
October
September
August
July
June
May
April
Feedback on this story? Send your comments to News Writer Edward Hurley

Bugbear burst on the virus scene in October to become the biggest viral threat of the second half of the year. The worm opens a backdoor in infected systems and installs a keystroke-logging program. The program can harvest passwords and other sensitive information with this program. Bugbear also attacks antivirus and firewall software.

The Braid (or Bride) worm surfaced in November. The worm is a mass-mailer that injects the FunLove virus when infecting a system. FunLove, however, hampered Braid's progress because the presence of FunLove alerts antivirus software. Braid exploits the same MIME header vulnerability as Klez and Bugbear, that allows it to execute without recipients needing to double-click the attachment.

Klez is still king for the year. Variants of the worm have been spreading since April. It has succeeded for a number of reasons. It generates random subject lines and file names, keeping users from looking for a particular subject line. The worm also searches infected machines for e-mail addresses in everything from documents to cached Web pages. It then sends out copies of itself using its own SMTP engine. One infected machine can literally pump out hundreds of infected messages.

Here are the top threats as reported by antivirus vendors:

Sophos' top 10 list of viruses and worms.
1. W32/Bugbear-A 29.4%
2. W32/Braid-A 8.5%
3. W32/Klez-H 7.7%
4. W32/Opaserv-A 5.4%
5. W32/Opaserv-C 5.1%
6. W32/Flcss 4.6%
7. W95/Spaces 3.3%
8. W32/Opaserv-F 2.5%
9. W32/Opaserv-B 2.1%
10. W32/Opaserv-D 2.0%
Others 29.4%

Panda Software's top 10 list for November.
1.W32/Klez.I 20.07%
2.W32/Bugbear 10.77%
3.Trj/PSW.Bugbear 6.35%
4.W32/Opaserv.E 6.09%
5.W32/Bride 5.62%
6.W32/Elkern. C 5.62%
7.W32/Funlove.4096 5.42%
8.W32/Opaserv.H 4.95%
9.W32/Nimda 4.63%
10.W32/Opaserv 4.54%

MessageLabs' list of intercepted viruses and worms for the month.
W32/Klez.H-mm 467192
W32/Yaha.E-mm 120177
W32/BugBear-mm 80593 [Also known as BugBear]
EML/Greeting-Card.E 45182 [www.friend-greeting.com]
W32/Braid.A-mm 19584 [README.EXE]
W32/SirCam.A-mm 16393
EML/Greeting-Card.J 7911 [Uses IP address instead of domain name]
W32/Yaha.C-mm 7604
W32/Magistr.B-mm 4752
W32/Klez.E-mm 4511 [PIF sending version]

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close