Mydoom, Bagle deliver double blow in January

IT administrators had to fend off two sizable malicious code outbreaks in January, including the one sparked by the most prolific e-mail worm of all time -- Mydoom-A.

If the worm activity in January was a sign of things to come, this will be a long year.

Mydoom-A, which began spreading in the last days of January, was easily the most prevalent worm, according to lists compiled by antivirus software vendors. By contrast, Mydoom-B hardly spread at all. This was good news for Microsoft, since the variant was coded to launch a distributed denial-of-service attack yesterday on the software giant's Web site.

The SCO Group wasn't so lucky. The company, which is embroiled in a legal battle with IBM and other firms over Linux, was hit Sunday with a massive DDoS attack created by Mydoom-A.

It's not surprising that Mydoom-A was the top virus for January, but it wasn't the only new worm. Bagle-A, which hit earlier in the month, also gained a lot of traction. In fact, in almost any other month, the volume of activity generated by Bagle would have made it the most prevalent worm.

The surprising thing about Bagle was that it spread at all. The worm's techniques don't appear to be particularly savvy. It travels as an attachment to e-mail messages. The text of the messages is made up of random letters. Its subject line is "Hi."

"The Bagle worm catapulted to the top very quickly. First detected halfway through the month, it shot up the chart in only a short amount of time," said Chris Belthoff, senior security analyst at Lynnfield, Mass.-based Sophos Inc., in a statement. "However, Bagle's popularity was short-lived, as it was designed to fall dormant on Jan. 28, 2004."

Mydoom also has a kill date. It will stop spreading Feb. 12. Still, the worm has a good chance of being the biggest worm of the year. U.K.-based e-mail-filtering company MessageLabs Inc. has intercepted more than 21 million copies of the worm so far. At the worm's peak, it was found in one of every 12 e-mails scanned by MessageLabs.

Here are the monthly lists from the leading vendors:

Sophos:


1. Mydoom-A 25.1%
2. Bagle-A 16.3%
3. Sober-C 9.9%
4. Dumaru-A 5.3%
5. Mimail-J 3.1%
6. Mimail-A 2.7%
7. Mimail-K 2.6%
8. Mimail-C 2.2%
9. Mimail-I 1.0%
10. Klez-H 0.8%
Others 31.0%

Central Command:


1. Mydoom-A 77.4%
2. Sober-C 5.9%
3. Bagle-A 2.0%
4. Mimail-I 1.7%
5. Gibe-C 1.5%
6. Klez-E 1.3%
7. Mimail-J 1.0%
8. Bugbear-B 0.7%
9. Mimail-A 0.5%
10. Dumaru-A 0.5%
11. Hawawi-G 0.4%
12. Nimda 0.3%
Others 6.8%

Kaspersky Labs


1. Mydoom-A 78.32%
2. Swen 6.57%
3. Mimail-C 3.63%
4. Sober-C 2.11%
5. Mimail-A 1.96%
6. Bagle 1.12%
7. Klez-H 0.80%
8. Mimail-G 0.74%
9. Sobig-F 0.54%
10. Tanatos-B 0.34%
11. Lentin-J 0.30%
12. Lentin-G 0.27%
13. Lentin-M 0.26%
14. Macro.Word97.Swatch-B 0.23%
15. Dumaru-A 0.22%
16. Macro.Word97.Thus-based 0.22%
17. Macro.Word97.Saver 0.21%
18. Lentin-O 0.20%
19. Dumaru-J 0.15%
20. Mimail-J 0.15%
Others 1.64%

Panda Software


1. Mydoom-A 9.51%
2. Trj/Downloader-L 7.53%
3. Bugbear-B 4.49%
4. Parite-B 4.22%
5. Klez-I 3.27%
6. Trj/Runet-A 2.72%
7. Blaster 2.47%
8. Blaster-E 2.36%
9. Trj/Bookmark-B 2.32%
10. Sober-C 2.29%

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close