Sobig and Bugbear variants kept admins busy in June

Variants of the Sobig and Bugbear worms appeared in June, keeping enterprise IT administrators busy.

Enterprises came under assault from worms in June: a new variant of the Bugbear worm and two new versions of the Sobig worm appeared, while a few stalwarts kept their places on the lists of prevalent malicious code produced by the leading antivirus vendors.

Bugbear-B surfaced early in the month, while Sobig-E popped up in the closing days. Bugbear-B made a couple of malicious code lists for the month. It accounted for 30% of malicious code activity, according to Sophos' tabulations. Central Command said the worm accounted for 24.8% of its activity.

Sobig-E made slightly fewer inroads. The worm snagged the No. 4 position and nearly 10% of activity on Central Command's list. It spread via network file shares and by e-mailing copies of itself attached to messages. The worm traveled as a Zip file, which probably allowed it to spread, since end users tend to trust such files.

By contrast, Bugbear-B e-mailed itself as an executable file. It is also polymorphic, meaning it assumes a different appearance each time it hits an inbox. The worm pulls information from infected machines to use as the message text of its infecting e-mails.

Here are the lists of the leading malicious code for June:

Sophos:
W32/Bugbear-B 30.0%
W32/Sobig-C 25.0%
W32/Klez-H 3.8%
W32/Sobig-B 3.8%
Dial/PecDial-B 1.8%
W32/Rox-A 1.3%
W32/Flcss 1.2%
W32/Bugbear-A 1.1%
W32/Opaserv-G 1.1%
W32/Lovgate-E 0.9%
Others 30.0%

Trend Micro:
1. WORM_LOVEGATE.F
2. PE_FUNLOVE.4099
3. PE_LOVGATE.G
4. WORM_KLEZ.H
5. YAHA.G
6. BAT_SPYBOT.A
7. PE_BUGBEAR.DAM
8. PE_BUGBEAR.B
9. PE_ELKERN.D
10. JS_NIMDA.A

Central Command:
1. Worm/BugBear.B 24.8%
2. Worm/Klez.E (including G) 18.2%
3. Worm/Sobig.C 10.7%
4. Worm/Sobig.E 9.8%
5. Worm/Sobig.A 5.5%
6. W32/Yaha.E 3.2%
7. Worm/Hawawi.E 2.4%
8. Worm/Sobig.B 1.3%
9. Worm/BugBear 1.3%
10. W32/Funlove.4099 1.1%
11. W32/Nimda 1.0%
12. W32/Parite 0.7%
Others 20.0%

Kaspersky Labs:
1. I-Worm.Lentin 32.48%
2. I-Worm.Klez 17.69%
3. I-Worm.Tanatos 16.91%
4. I-Worm.Sobig 12.01%
5. Macro.Word97.Saver 1.17%
6. Macro.Word97.Thus 1.00%
7. VBS.Redlof 0.73%
8. I-Worm.Ganda 0.53%
9. Backdoor.Beastdoor 0.31%
10. Win95.CIH 0.29%
11. Backdoor.Assasin 0.28%
12. Backdoor.Optix 0.22%
13. Backdoor.SdBot.gen 0.21%
14. I-Worm.Hybris 0.20%
15. Win32.Parite 0.20%
16. I-Worm.Avron 0.20%
17. I-Worm.Hawawi 0.15%
18. Backdoor.Death 0.15%
19. I-Worm.Mapson 0.14%
20. Backdoor.IRC.Zcrew 0.14%
Other malicious programs 53.35%
