Klez's staying power still a concern

The LovGate worm may have made headlines in February, but the 13-month-old Klez worm continues to harass networks worldwide.

LovGate, the only major new virus of February, barely cracked the antivirus companies' lists of the most prevalent viruses and worms for the month. That suggests old threats such as Klez and Yaha should still be taken seriously.

Once again, the Klez worm has captured the top spot in many antivirus companies' lists. Klez has been successful for a variety of reasons. It exploits a MIME and an IFRAME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express and Internet Explorer that allows the worm to execute without the infected attachment being opened. Klez also spoofs e-mail addresses in an attempt to trick users into opening the worm, thinking it came from a known party. It also plucks potential target addresses from everything from Excel documents to cached Web pages.

LovGate showed up only in Sophos' list, and at No. 9, behind old stalwarts such as Bugbear and Klez. The worm employs a unique twist of social engineering to entice mail recipients to open infected messages. It can also spread via network file shares and opens a system back door so attackers can gain control of infected computers.

"The new Lovgate worm may have been the most talked about virus in February, but it certainly wasn't the most prolific," said Chris Wraight, technology consultant at Sophos Inc., noting Klez has had much more traction. "In its various guises, Klez has now been hanging around the chart for 13 months, making it the most persistent worm ever. People infected by Klez couldn't have updated their virus protection in quite some time."

The Lirva worm, which was discovered in January, was also decently strong in February despite its namesake, Canadian pop princess Avril Lavigne, getting shut out at the Grammy Awards last month. Two variants of the worm showed up on the various lists.

Command Central's most prevalent viruses for the month


1. Worm/Klez.E 34.3%
2. W32/Yaha.E 14.1%
3. Worm/Yaha.M2 10.6%
4. Worm/Avril.A 8.3%
5. Worm/Sobig.A 6.5%
6. Worm/Bugbear 3.2%
7. Worm/Avril.B 3.1%
8. W32/Nimda 1.6%
9. W32/Funlove 1.2%
10. Worm/Sircam.C 0.9%
11. W32/Elkern.C 0.7%
12. Worm/Badtrans.B 0.7%
Others 14.8%

Kaspersky Labs' Virus Top 20 for February


1. I-Worm.Klez 29.67%
2. I-Worm.Sobig 8.81%
3. I-Worm.Lentin 7.04%
4. Macro.Word97.Thus 3.12%
5. I-Worm.Avron 3.00%
6. I-Worm.Roron 2.87%
7. I-Worm.Hybris 2.49%
8. I-Worm.Tanatos 1.30%
9. Macro.Word97.Flop 0.98%
10. Macro.Word97.Saver 0.78%
11. Win95.CIH 0.71%
12. Worm.Win32.Opasoft 0.69%
13. Win95.Spaces 0.76%
14. Backdoor.Mosuck 0.58%
15. Backdoor.Antilam 0.57%
16. VBS.Redlof 0.53%
17. I-Worm.Stator 0.53%
18. Macro.Word97.Melissa 0.52%
19. Backdoor.Optix.Pro 0.51%
20. Macro.Word97.VMPC 0.50%
Other malicious programs 34.18%

Sophos' top 10 most prevalent viruses and worms


1. W32/Klez-H 13.7%
2. W32/Sobig-A 7.7%
3. W32/Avril-B 6.0%
4. W32/Yaha-E 4.6%
5. W32/Bugbear-A 4.3%
6. W32/Avril-A 3.1%
7. W32/Klez-E 2.4%
7. W32/Yaha-K 2.4%
9. W32/Lovgate-B 2.1%
9. W95/Spaces 2.1%
Others 51.6%
