Mimail-A peaks; Klez's staying power 'unparalleled'

Antivirus vendors are saying that the spread of the Mimail-A worm has plateaued.

The Mimail-A worm, which pretends to be a message from an enterprise e-mail administrator, appears to have peaked.

U.K.-based e-mail filtering outsourcer MessageLabs said it captured 30,000 copies of Mimail at its height on Monday. On Tuesday, the firm said it had trapped 26,000.

Mimail does not exploit the Windows RPC-DCOM vulnerability, as some have feared. It does target vulnerabilities in Internet Explorer and Microsoft Outlook Express known as the Object Tag code base exploit and MHTML exploit.

Attackers exploiting those flaws can run code of their choice on vulnerable machines. The following versions are vulnerable: Microsoft Outlook Express 5.5, Microsoft Outlook Express 6.0, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.5, and Microsoft Internet Explorer 6.0.

Mimail-A began spreading on the Internet on Friday. The worm gained some traction because of its social engineering, which makes it appear to come from the user's e-mail administrator. For example, someone with a SearchSecurity.com e-mail address would get a message from "admin@searchsecurity.com."

While July was a busy month for Microsoft vulnerabilities, it was a fairly slow month for viruses and worms. Few new creepy crawlies gained any real traction, but some old ones were still going strong.

In July, variants of Klez, Sobig and Bugbear topped the lists of prolific malicious code from the antivirus software vendors. "What we have seen with Worm/Klez.E is unparalleled to any past Internet worm, as it continues to show extraordinary staying power," said Steven Sundermeier, product manager of Central Command Inc., noting that the worm topped 12 out of the last 15 monthly lists.

The only worms that made some minor waves were variants of the Gruel worm, a mass mailer that used a variety of social engineering tactics. For instance, some e-mail messages purported to be a patch from Microsoft for a security vulnerability.

Here is a sampling of lists from antivirus software vendors.

Central Command's top 12 list of the most prevalent malware for July:
Worm/Klez.E 19.2%
Worm/Sobig.E 17.9%
Worm/BugBear.B 17.6%
Worm/Sobig.A 6.6%
Worm/Sobig.C 4.2%
Worm/Sircam.A 2.9%
Worm/Ganda 1.8%
Worm/Hawawi.E 1.6%
W32/Funlove.4099 1.5%
Worm/Avril.A 1.2%
W32/Yaha.E 1.2%
W32/Nimda 1.0%
Others 23.3%

Panda Software top 10 most detected malware for July:
W32/Bugbear.B 8.56%
W32/Mapson 7.36%
Trj/PSW.Bugbear.B 5.08%
JS/Fortnight.E 4.81%
JS/Fortnight.D 4.02%
W32/Klez.I 3.86%
W32/Parite.B 3.07%
W32/Bugbear.B.Dam 2.31%
W32/Bugbear 2.16%
W32/Enerkaz 2.14%

Sophos' top 10 list for the month:
W32/Sobig-E 47.8%
W32/Bugbear-B 11.0%
W32/Klez-H 5.9%
W32/Sobig-A 2.7%
W32/Parite-B 0.9%
W32/Sobig-B 0.9%
W32/Ganda-A 0.8%
W32/Opaserv-G 0.7%
W32/Sobig-D 0.7%
W95/Dupator 0.7%
Others: 27.9%
