Mimail-A peaks; Klez's staying power 'unparalleled'

Edward Hurley, SearchSecurity.com News Writer

The Mimail-A worm, which pretends to be a message from an enterprise e-mail administrator, appears to have peaked.

U.K.-based e-mail filtering outsourcer MessageLabs said it captured 30,000 copies of Mimail at its height on Monday. On Tuesday, the firm said it had trapped 26,000.

Mimail does not exploit the Windows RPC-DCOM vulnerability, as some have feared. It does target vulnerabilities in Internet Explorer and Microsoft Outlook Express known as the Object Tag code base exploit and MHTML exploit.

Attackers exploiting those flaws can run code of their choice on vulnerable machines. The following versions are vulnerable: Microsoft Outlook Express 5.5, Microsoft Outlook Express 6.0, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.5, and Microsoft Internet Explorer 6.0.

Mimail-A began spreading on the Internet on Friday. The worm gained some traction because of its social engineering, which makes it appear to come from the user's e-mail administrator. For example, someone with a SearchSecurity.com e-mail address would get a message from "admin@searchsecurity.com."

While July was a busy month for Microsoft vulnerabilities, it was a fairly slow month for viruses and worms. Few new creepy crawlies gained any real traction, but some old ones were still going strong.

In July, variants of Klez, Sobig and Bugbear topped the lists of prolific malicious code from the antivirus software vendors. "What we have seen with Worm/Klez.E is unparalleled to any past Internet worm, as it continues to show extraordinary staying power," said Steven Sundermeier, product manager of Central Command Inc., noting that the worm topped 12 out of the last 15 monthly lists.

The only worms that made some minor waves were variants of the Gruel worm, a mass mailer that used a variety of social engineering. For instance, some e-mail messages purported to be a patch from Microsoft for a security vulnerability.

Here is a sampling of lists from antivirus software vendors.

Central Command's top 12 list of the most prevalent malware for July:
Worm/Klez.E 19.2%
Worm/Sobig.E 17.9%
Worm/BugBear.B 17.6%
Worm/Sobig.A 6.6%
Worm/Sobig.C 4.2%
Worm/Sircam.A 2.9%
Worm/Ganda 1.8%
Worm/Hawawi.E 1.6%
W32/Funlove.4099 1.5%
Worm/Avril.A 1.2%
W32/Yaha.E 1.2%
W32/Nimda 1.0%
Others 23.3%

Panda Software top 10 most detected malware for July:
W32/Bugbear.B 8.56%
W32/Mapson 7.36%
Trj/PSW.Bugbear.B 5.08%
JS/Fortnight.E 4.81%
JS/Fortnight.D 4.02%
W32/Klez.I 3.86%
W32/Parite.B 3.07%
W32/Bugbear.B.Dam 2.31%
W32/Bugbear 2.16%
W32/Enerkaz 2.14%

Sophos' top 10 list for the month:
W32/Sobig-E 47.8%
W32/Bugbear-B 11.0%
W32/Klez-H 5.9%
W32/Sobig-A 2.7%
W32/Parite-B 0.9%
W32/Sobig-B 0.9%
W32/Ganda-A 0.8%
W32/Opaserv-G 0.7%
W32/Sobig-D 0.7%
W95/Dupator 0.7%
Others: 27.9%

