News Stay informed about the latest enterprise technology news and product updates.

Bugbear, Klez continue to threaten Internet

Leading antivirus software vendors say the Bugbear and Klez worms continue to spread on the Internet and network shares, and were the leading threats for November.

The Bugbear and Klez worms continued to spread via the Internet and network shares in November, fending off newcomer Braid worm as the top threats of the month, according to several antivirus software vendors.

'Braid' worm drops FunLove virus

Guard against Bugbear using these tips

New Klez variant can do some damage

Past virus roundups
Feedback on this story? Send your comments to News Writer Edward Hurley

Bugbear burst on the virus scene in October to become the biggest viral threat of the second half of the year. The worm opens a backdoor in infected systems and installs a keystroke-logging program. The program can harvest passwords and other sensitive information with this program. Bugbear also attacks antivirus and firewall software.

The Braid (or Bride) worm surfaced in November. The worm is a mass-mailer that injects the FunLove virus when infecting a system. FunLove, however, hampered Braid's progress because the presence of FunLove alerts antivirus software. Braid exploits the same MIME header vulnerability as Klez and Bugbear, that allows it to execute without recipients needing to double-click the attachment.

Klez is still king for the year. Variants of the worm have been spreading since April. It has succeeded for a number of reasons. It generates random subject lines and file names, keeping users from looking for a particular subject line. The worm also searches infected machines for e-mail addresses in everything from documents to cached Web pages. It then sends out copies of itself using its own SMTP engine. One infected machine can literally pump out hundreds of infected messages.

Here are the top threats as reported by antivirus vendors:

Sophos' top 10 list of viruses and worms.
1. W32/Bugbear-A 29.4%
2. W32/Braid-A 8.5%
3. W32/Klez-H 7.7%
4. W32/Opaserv-A 5.4%
5. W32/Opaserv-C 5.1%
6. W32/Flcss 4.6%
7. W95/Spaces 3.3%
8. W32/Opaserv-F 2.5%
9. W32/Opaserv-B 2.1%
10. W32/Opaserv-D 2.0%
Others 29.4%

Panda Software's top 10 list for November.
1.W32/Klez.I 20.07%
2.W32/Bugbear 10.77%
3.Trj/PSW.Bugbear 6.35%
4.W32/Opaserv.E 6.09%
5.W32/Bride 5.62%
6.W32/Elkern. C 5.62%
7.W32/Funlove.4096 5.42%
8.W32/Opaserv.H 4.95%
9.W32/Nimda 4.63%
10.W32/Opaserv 4.54%

MessageLabs' list of intercepted viruses and worms for the month.
W32/Klez.H-mm 467192
W32/Yaha.E-mm 120177
W32/BugBear-mm 80593 [Also known as BugBear]
EML/Greeting-Card.E 45182 []
W32/Braid.A-mm 19584 [README.EXE]
W32/SirCam.A-mm 16393
EML/Greeting-Card.J 7911 [Uses IP address instead of domain name]
W32/Yaha.C-mm 7604
W32/Magistr.B-mm 4752
W32/Klez.E-mm 4511 [PIF sending version]

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.