Over the last seven days, of the total number of computers in which ActiveScan detected an infection, Klez.I was the culprit in 13.64 percent of cases, followed by Bugbear (6.63%) and Bride (W32/Bride) (3.86%). The top three are closely followed by Trj/PWS.Bugbear (3.68%) and Elkern.C (3.59%).
This week a new variant of W32/Bride has appeared, W32/Bride.B. This worm spreads via e-mail, by sending itself out to the addresses that it finds in the HTM files and Outlook Express folders in the affected computer. This virus reaches computers in an e-mail message with the following characteristics:
- Subject: (this field is left blank).
My name is donkey-virus.
I wish you a merry Christmas and happy new year.
- Attachments: README.EXE
Bride.B activates when the attached file is run or when the e-mail message carrying this worm is viewed in the Preview Pane. It does this by exploiting the Exploit/iFrame vulnerability in the Microsoft Internet Explorer browser. When it carries out its infection, this malicious code temporarily removes the icons from the Desktop and ends active processes. In order to carry out its infection, it creates the following files:
-MADAM.EXE, which is a copy of the worm. This file's icon is similar to the Internet Explorer icon.
-MADAM.EML, which is a copy of the message that this worm sends out.