Admins waiting for next worm to drop

Article

Admins waiting for next worm to drop

Edward Hurley, SearchSecurity.com News Writer

September was a pretty quiet month for viruses and worms, but security pros and administrators were still anxious.

Perhaps the biggest malware news for the month were the worms that didn't appear. People were waiting for worms to take advantage of two new RPC-DCOM vulnerabilities

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

in Windows. In August, two worms, Blaster and Nachi, took advantage of a similar flaw.

Sobig-F also stopped spreading on Sept. 10, which meant users were waiting for a new variant of the worm, which has spread this year, creating open relays for spammers. Despite being around for only a third of the month, Sobig-F topped at least one antivirus company's list for most prevalent malicious code for September.

"The fact that all four of last month's big hitters -- Sobig-F, Blaster, Mimail and Nachi -- are still in the top 10, despite extensive media coverage, is also concerning. It means some people are still either ignoring advisories to patch or are still oblivious to the threat," said Chris Belthoff, senior security analyst at Sophos Inc.

One worm writer tried to capitalize on users' fears. In fact, Swen (also known as Gibe-F or Gibe-C) traveled during September attached to an e-mail purporting to be a security patch from Microsoft support. The worm gained the most traction of any worm that broke in September.

Here are a sampling of how antivirus software vendors ranked September's malware.

Sophos:

1. W32/Gibe-F (Gibe variant) 23.5%
2. W32/Dumaru-A (Dumaru virus) 18.1%
3. W32/Mimail-A (Mimail worm) 15.0%
4. W32/Sobig-F (Sobig variant) 5.6%
5. W32/Nachi-A (Nachi worm) 5.5%
6. W32/Sobig-A (Sobig worm) 4.4%
7. W32/Bugbear-B (Bugbear variant) 2.9%
8 W32/Klez-H (Klez variant) 2.7%
8. W32/Blaster-A (Blaster worm) 2.7%
10. W32/Parite-B (Parite variant) 1.3%
Others 18.3%

Kaspersky Labs:

1. I-Worm.Sobig 44.75%
2. I-Worm.Swen 36.50%
3. I-Worm.Mimail 6.50%
4. I-Worm.Klez 2.52%
5. I-Worm.Lentin 2.35%
6. I-Worm.Tanatos 0.81%
7. I-Worm.Dumaru 0.68%
8. Worm.Win32.Lovesan 0.35%
9. Worm.P2P.SpyBot 0.14%
10. Win95.CIH 0.11%
11. Backdoor.SdBot 0.09%
12. I-Worm.Ganda 0.09%
13. VBS.Redlof 0.08%
14. Win32.Parite 0.08%
15. Worm.Win32.Welchia 0.08%
16. Win32.FunLove 0.08%
17. I-Worm.Roron 0.07%
18. Backdoor.Optix.Pro 0.07%
19. I-Wom.Fizzer 0.07%
20. Macro.Word97.Thus 0.05%
Other malicious programs 4.52%

Central Command:


1. Worm/Sobig.F 67.5%
2. Worm/Gibe.C 8.6%
3. Worm/Nachi.A 3.9%
4. Worm/Dumaru.A 3.7%
5. Worm/Klez.E (including G) 3.0%
6. Worm/MiMail.A 2.9%
7. Worm/Lovsan.A 1.8%
8. Worm/BugBear.B 1.7%
9. Worm/Sobig.A 1.0%
10. Worm/Sircam.A 0.5%
11. W32/Funlove 0.5%
12. W32/Yaha.E 0.3%
Others 4.6%