The Top Ten computer viruses during June were:
- W32/Fizzer.A – 497,846
- W32/Yaha.E-mm – 372,532
- W32/SoBig.B-mm – 343,449
- W32/Klez.H-mm – 293,028
- W32/SoBig.A-mm – 86,668
- W32/Yaha.K!e2a2 – 74,463
- W32/SirCam.A-mm – 46,402
- W32/Yaha.P-mm – 21,230
- W32/BugBear-mm – 11,290
- W32/Lovgate.F-m – 8,261
Commentary: June 2003
It looks like we spoke too soon! Last time around, we suggested that so far in 2003 the action on new e-mail viruses had been relatively quiet. In May, the situation changed radically. As the chart shows, a number of new viruses emerged, with two new entries (Fizzer and SoBig.B) in the top three places.
In fact, over 50 new strains of malware were detected 'in the wild' (ie they're actually out there causing damage), with five significant strains emerging on one day alone.
Two viruses were the biggest culprits. The aforementioned Fizzer strain was first spotted on 7 May in Austria, and wasted no time in spreading itself around the global network. A mass-mailer with its own SMTP engine (thereby allowing it to send e-mails without using Outlook), it spoofs the address of the sender such that it cannot be traced back to the genuine instigator. It is also able to spread via Instant Messenger, IRC and other file-sharing mechanisms.
Two characteristics of the Fizzer virus set the tone for the month in terms of the amount of potential damage inflicted. Once 'inside', it attempts to disable local security software such as anti-virus or firewall protection. It then opens ports on the recipient's machine, rendering it vulnerable to being further compromised via the Internet. Once these tasks are both completed, the PC in question then becomes extremely vulnerable to the vast swathe of malware sweeping the Net.
The second big outbreak involved SoBig.B. This particular outbreak began in the Netherlands on 17 May, dominated in the UK and – by the end of June – had been stopped in over 170 countries.
SoBig.B shares many characteristics with the first SoBig virus, which broke onto the scene back in January. The SoBig family of viruses compromises the victim's PC such that it can be used by spammers. Once the spammers locate a compromised computer, they can then use it to send millions of spam e-mails.
During the course of May we witnessed a number of incidents where spam and viruses were originating from the same IP address. The most likely cause of this is the sheer number of SoBig-infected PCs around the world.
Virus writers are still out there in force, and the impact of new viruses like Fizzer (or the new variants on old themes such as SoBig.B) can be catastrophic to any business that isn't protected. Make sure yours isn't one of them!
Source
SMT
Postscript
This section of Secure IT is supplied by MessageLabs. MessageLabs scans e-mail traffic at the Internet level, such that the company is able to compile the most accurate virus statistics available. Take a look on the Internet at: www.messagelabs.com