Slammer had company in January

Edward Hurley, News Writer

The Slammer worm caused a lot of racket at the end of January, but there were three e-mail-based worms earlier in the month that caused their own share of misery.

"If the month of January is any sign of the year to come, we could be in for a very long year," said Steven Sundermeier, product manager at Central Command, Inc. of Medina, Ohio.

The month started with a bang with Yaha.K, a variant of a worm that first appeared late last year. Within a week, the Sobig worm hit, followed a week or so later by the Lirva worm.

Yaha.K broke late in December but spread well into January. The worm dropped three executable files into infected machines. One of the executables tries to disable antivirus and firewall processes. The worm travels with a variety of subject lines playing off interest in sports and computing in addition to more prurient interests.

Sobig's success was tied to its ability to mail itself out via its own SMTP engine. It also spread via local network shares. The worm harvested potential target e-mail addresses by searching text files and files with extensions like .dbx, .htm, .eml, .wab and .html.

The Lirva worm (also known as Naith and Avril) used interest in Canadian pop princess Avril Lavigne to spread. Variants of the worm accounted for almost 30% of support calls to U.K.-based enterprise antivirus vendor Sophos. In fact, the two variants of the worm took first and second place on Sophos' monthly top 10 list of viruses and worms.

Together, the three worms accounted for 36.1% of all infections recorded by Central Command. "They all utilized the well-known vulnerability that allows for an attachment to be automatically executed within the preview pane of Microsoft Outlook," Sundermeier said.

The Slammer worm doesn't appear on any of the antivirus companies' top threat lists because of the way they measure activity. Working from estimates of Slammer's progress, Kaspersky Labs calculated that Slammer would have equaled nearly 50% of all malware activity for the month, easily taking the top spot.

Here are the monthly lists from various antivirus companies:

Sophos' top 10 viruses and worms of the month.
1. W32/Avril-B 16.8%
2. W32/Avril-A 12.4%
3. W32/Klez-H 12.1%
4. W32/Sobig-A 6.1%
5. W32/Yaha-K 5.7%
6. W32/Bugbear-A 5.6%
7. W32/Yaha-E 3.3%
8. W32/ElKern-C 2.1%
9. W95/Spaces 1.5%
10. W32/Flcss 1.2%
Others 33.2%

Central Command's top 12 viruses and worms for January
1. Worm/Klez.E (incl. G variant) 27.2%
2. W32/Yaha.E 17.7%
3. Worm/Sobig.A 11.9%
4. Worm/Avril.A 10.8%
5. Worm/Yaha.M2 7.4%
6. Worm/Avril.B 6.0%
7. Worm/Bugbear 2.3%
8. Worm/Sircam.C 1.4%
9. W32/Elkern.C 1.3%
10. W32/Funlove 0.6%
11. W32/Nimda 0.5%
12. Worm/Opasoft 0.4%
Others 12.5%

Kaspersky Labs' top 20 most widespread malicious programs
1. I-Worm.Klez 16.65%
2. I-Worm.Lentin 8.75%
3. I-Worm.Sobig 6.57%
4. I-Worm.Avron 6.55%
5. Macro.Word97.Thus 5.17%
6. I-Worm.Hybris 3.13%
7. I-Worm.Roron 2.46%
8. I-Worm.Tanatos 1.92%
9. Backdoor.NetDevil 1.25%
10. Macro.Word97.Saver 1.17%
11. I-Worm.Magistr 0.95%
12. Macro.Word97.Marker 0.95%
13. Worm.Win32.Opasoft 0.79%
14. I-Worm.KakWorm 0.76%
15. Win95.CIH 0.72%
16. Trojan.Spy.SCKeyLog 0.71%
17. Backdoor.Death 0.67%
18. VBS.Redlof 0.66%
19. Win32.Elkern 0.66%
20. Win32.FunLove 0.65%
Other dangerous programs 38.87%


FOR MORE INFORMATION:

SearchSecurity.com news exclusive: Yaha worm no longer a business threat

SearchSecurity.com news exclusive: ExploreZip, Avril worms a headache for businesses

SearchSecurity.com news exclusive: Worms off to fast start in 2003

