Sobig and Bugbear variants kept admins busy in June

Edward Hurley, SearchSecurity.com News Writer

Enterprises came under assault from worms in June with a new variant of the Bugbear worm, two new versions of the Sobig worm and a few stalwarts continuing to have a presence on the lists of prevalent malicious code produced by the leading antivirus vendors.

Bugbear-B surfaced early in the month, while Sobig-E popped up in the closing days. Bugbear-B made a couple of malicious code lists for the month. It accounted for 30% of malicious code activity, according to Sophos' tabulations. Central Command said the worm accounted for 24.8% of its activity.

Sobig-E made slightly fewer inroads. The worm snagged the No. 4 position and nearly 10% of activity on Central Command's list. It spread via network file shares and by e-mailing copies of itself attached to messages. The worm traveled as a Zip file, which probably allowed it to spread, since end users tend to trust such files.

By contrast, Bugbear-B e-mailed itself as an executable file. It is also polymorphic, meaning it assumes a different appearance each time it hits an inbox. The worm pulls information from infected machines to use as the message text of its infecting e-mails.

Here are the lists of the leading malicious code for June:

Sophos:
W32/Bugbear-B 30.0%
W32/Sobig-C 25.0%
W32/Klez-H 3.8%
W32/Sobig-B 3.8%
Dial/PecDial-B 1.8%
W32/Rox-A 1.3%
W32/Flcss 1.2%
W32/Bugbear-A 1.1%
W32/Opaserv-G 1.1%
W32/Lovgate-E 0.9%
Others 30.0%

Trend Micro:
1. WORM_LOVEGATE.F
2. PE_FUNLOVE.4099
3. PE_LOVGATE.G
4. WORM_KLEZ.H
5. YAHA.G
6. BAT_SPYBOT.A
7. PE_BUGBEAR.DAM
8. PE_BUGBEAR.B
9. PE_ELKERN.D
10. JS_NIMDA.A

Central Command:
1. Worm/BugBear.B 24.8%
2. Worm/Klez.E (including G) 18.2%
3. Worm/Sobig.C 10.7%
4. Worm/Sobig.E 9.8%
5. Worm/Sobig.A 5.5%
6. W32/Yaha.E 3.2%
7. Worm/Hawawi.E 2.4%
8. Worm/Sobig.B 1.3%
9. Worm/BugBear 1.3%
10. W32/Funlove.4099 1.1%
11. W32/Nimda 1.0%
12. W32/Parite 0.7%
Others 20.0%

Kaspersky Labs:
1. I-Worm.Lentin 32.48%
2. I-Worm.Klez 17.69%
3. I-Worm.Tanatos 16.91%
4. I-Worm.Sobig 12.01%
5. Macro.Word97.Saver 1.17%
6. Macro.Word97.Thus 1.00%
7. VBS.Redlof 0.73%
8. I-Worm.Ganda 0.53%
9. Backdoor.Beastdoor 0.31%
10. Win95.CIH 0.29%
11. Backdoor.Assasin 0.28%
12. Backdoor.Optix 0.22%
13. Backdoor.SdBot.gen 0.21%
14. I-Worm.Hybris 0.20%
15. Win32.Parite 0.20%
16. I-Worm.Avron 0.20%
17. I-Worm.Hawawi 0.15%
18. Backdoor.Death 0.15%
19. I-Worm.Mapson 0.14%
20. Backdoor.IRC.Zcrew 0.14%
Other malicious programs 53.35%

