The Top Ten most prevalent computer viruses during January were:
1: W32/MyDoom.A-mm – 48,239,797
2: W32/SoBig.F-mm – 33,218,757
3: W32/Klez.H-mm – 8,285,284
4: W32/Swen.A-mm – 5,101,430
5: W32/Dumaru.A-mm – 2,301,362
6: W32/Mimail.A-mm – 1,746,844
7: W32/Mimail.J-mm – 771,846
8: W32/Sober.C-mm – 310,954
9: W32/Bagle.A-mm – 221,036
10: W32/Dumaru.Y-mm – 135,888
Commentary for January 2004
ALL WAS PRETTY QUIET ON the virus front at the beginning of January. The month began with the usual number of viruses and then we witnessed a flurry of new arrivals. During the last week of the month, MyDoom struck. You'll have read all about this one in the national press, no doubt! Indeed, the 'dailies' played up two further minor attacks later that week as many IT system users began to fear the worst.
The first bubble of activity began with Bagle. The original copy of this worm was intercepted from Germany. In practice, the worm arrived as an e-mail attachment, searched the infected machine for e-mail addresses and then sent itself to the addresses found. The worm used unsophisticated social engineering techniques and clearly displayed an executable attachment, which offered observant recipients a fairly good clue that the e-mail in question was infected.
Interestingly, this virus did bear some similarities to the SoBig worm, which debuted almost exactly a year to the day before Bagle was released into the wild.
Dumaru was the second virus to register on the radar. Again, this was a mass-mailing worm but harboured a password-stealing or key-logging Trojan component that left a back door open on any infected computer connected to the Internet. This allowed remote access to the recipient's PC.
The new variant of Mimail – Mimail Q – also wriggled its way into January to join the other mass-mailing worms, but the big worm that disturbed the earth the most was undoubtedly MyDoom.
The spectre of MyDoom
MyDoom.A first cast its shadow on Monday 26 January. The peak infection rate was one in 12 e-mails. MyDoom.A spreads via e-mails, and also by copying itself to any available shared directories used by Kazaa. The particularly cunning element of MyDoom is its ability to randomly generate or guess likely e-mail addresses to which it can send itself.
MyDoom also duped the user into thinking it was a "mail delivery error message" – a far more sophisticated and subtle social engineering technique than Bagle, and indeed many of the mass-mailing worms we've previously seen. The virus was designed to launch a denial of service attack against the SCO Group web site (the motive rumoured to be SCO's anti-Linux stance). Thus it appeared the virus writer was an open source sympathiser.
It's unlikely we've seen the end of MyDoom and its various protégées.
Viruses in 2003: the MessageLabs round-up
FROM THE MILLIONS OF E-MAILS MESSAGELABS SCANNED for over 7,500 client organisations, the e-mail-to-virus ratio for 2003 stood at one-in-88 (compared with one-in-212 for the previous 12 months). The worst month – September – witnessed an infection rate of one e-mail in every 24. Virus levels increased, then, but those of spam really soared. The ratio of spam to e-mail is now around the one-in-2.5 mark, in comparison with one-in-eleven around a year ago. Our inboxes are clogged with more junk than ever!
While the statistics are noteworthy in themselves, the story behind the rise in viruses and spam is quite compelling. 2003 saw various malware trends evolve, with perhaps the most significant being the growing amount of malware related to criminal activities. The bad guys have finally discovered there’s money to be made on the Internet, and have busied themselves as a result.
SoBig.F was the most notorious of the new breed. At its peak, one-in-17 e-mails stopped by us contained a copy. Come last December, we’d stopped more than 32 million e-mails containing the virus. Up to two-thirds of spam e-mail comes from computers infected by similar viruses, or by Trojans the Blackhats have managed to insert onto a victim’s PC.
Source
SMT