Security Management Strategies for the CIOIf the worm activity in January was a sign of things to come, this will be a long year.
Mydoom-A, which began spreading in the last days of January, was easily the most prevalent worm, according
Requires Free Membership to View
to lists compiled by antivirus software vendors. By contrast, Mydoom-B hardly spread at all. This was good news for Microsoft, since the variant was coded to launch a distributed denial-of-service attack yesterday on the software giant's Web site.
The SCO Group wasn't so lucky. The company, which is embroiled in a legal battle with IBM and other firms over Linux, was hit Sunday with a massive DDoS attack created by Mydoom-A.
It's not surprising that Mydoom-A was the top virus for January, but it wasn't the only new worm. Bagle-A, which hit earlier in the month, also gained a lot of traction. In fact, in almost any other month, the volume of activity generated by Bagle would have made it the most prevalent worm.
The surprising thing about Bagle was that it spread at all. The worm's techniques don't appear to be particularly savvy. It travels as an attachment to e-mail messages. The text of the messages is made up of random letters. Its subject line is "Hi."
"The Bagle worm catapulted to the top very quickly. First detected halfway through the month, it shot up the chart in only a short amount of time," said Chris Belthoff, senior security analyst at Lynnfield, Mass.-based Sophos Inc., in a statement. "However, Bagle's popularity was short-lived, as it was designed to fall dormant on Jan. 28, 2004."
Mydoom also has a kill date. It will stop spreading Feb. 12. Still, the worm has a good chance of being the biggest worm of the year. U.K.-based e-mail-filtering company MessageLabs Inc. has intercepted more than 21 million copies of the worm so far. At the worm's peak, it was found in one of every 12 e-mails scanned by MessageLabs.
Here are the monthly lists from the leading vendors:
Sophos:
1. Mydoom-A 25.1%
2. Bagle-A 16.3%
3. Sober-C 9.9%
4. Dumaru-A 5.3%
5. Mimail-J 3.1%
6. Mimail-A 2.7%
7. Mimail-K 2.6%
8. Mimail-C 2.2%
9. Mimail-I 1.0%
10. Klez-H 0.8%
Others 31.0%
Central Command:
1. Mydoom-A 77.4%
2. Sober-C 5.9%
3. Bagle-A 2.0%
4. Mimail-I 1.7%
5. Gibe-C 1.5%
6. Klez-E 1.3%
7. Mimail-J 1.0%
8. Bugbear-B 0.7%
9. Mimail-A 0.5%
10. Dumaru-A 0.5%
11. Hawawi-G 0.4%
12. Nimda 0.3%
Others 6.8%
Kaspersky Labs
1. Mydoom-A 78.32%
2. Swen 6.57%
3. Mimail-C 3.63%
4. Sober-C 2.11%
5. Mimail-A 1.96%
6. Bagle 1.12%
7. Klez-H 0.80%
8. Mimail-G 0.74%
9. Sobig-F 0.54%
10. Tanatos-B 0.34%
11. Lentin-J 0.30%
12. Lentin-G 0.27%
13. Lentin-M 0.26%
14. Macro.Word97.Swatch-B 0.23%
15. Dumaru-A 0.22%
16. Macro.Word97.Thus-based 0.22%
17. Macro.Word97.Saver 0.21%
18. Lentin-O 0.20%
19. Dumaru-J 0.15%
20. Mimail-J 0.15%
Others 1.64%
Panda Software
1. Mydoom-A 9.51%
2. Trj/Downloader-L 7.53%
3. Bugbear-B 4.49%
4. Parite-B 4.22%
5. Klez-I 3.27%
6. Trj/Runet-A 2.72%
7. Blaster 2.47%
8. Blaster-E 2.36%
9. Trj/Bookmark-B 2.32%
10. Sober-C 2.29%
Join the conversationComment
Share
Comments
Results
Contribute to the conversation