There's no doubt that this year's most virulent malicious code has been Klez.I, responsible for nearly 18 percent of all infections. This ruthless virus uses a two-pronged attack: on the one hand, it uses social engineering under a multitude of guises to trick users, and on the other, it exploits a known vulnerability in Microsoft Internet Explorer to run automatically when an infected message is viewed in the Preview Pane.
In second place, although responsible for less than five percent of total infections, comes Bugbear. This worm exploits the same vulnerability as Klez.I and is able to block certain application processes including those of some antiviruses and personal firewalls. It also opens port 36794 on the computer under attack to create a backdoor that could be used by a hacker to gain remote access to the computer or network.
Right behind Bugbear comes Elkern.C. The prevalence of this virus throughout 2002 is due largely to the fact that it is installed on computers by the Klez.I worm.
The tenacious Nimda, the culprit in just over three percent of cases, holds fourth place in the Top Ten list. This virus was first detected in September 2001 when it reached epidemic proportions. Its persistence is largely due to its exploiting both an Internet Explorer vulnerability (the same one exploited by Klez.I) and a flaw affecting Microsoft IIS, allowing Nimda to infect both directly and indirectly, via Internet downloads.
In fifth place is Sircam, which has appeared in nearly all monthly rankings of virulent malicious code since August 2001, no doubt due to its cunning use of social engineering techniques.
The remaining five viruses to make up this year's ranking are Grade.A, Help, Magistr.B, Klez.F and the PSW/Bugbear Trojan horse. Despite seemingly low infection rates (all of them were responsible for less than three percent of total infections), the continuous appearance of such viruses once again highlights the need for users to take the protection of their IT resources seriously.
| Ranking | Name | Percentage frequency |
|---|---|---|
| 1 | W32/Klez.I | 17.96% |
| 2 | W32/Bugbear | 4.41% |
| 3 | W32/Elkern.C | 3.70% |
| 4 | W32/Nimda | 3.22% |
| 5 | W32/Sircam | 2.94% |
| 6 | W32/Grade.A | 2.91% |
| 7 | VBS/Help | 2.72% |
| 8 | W32/Magistr.B | 2.63% |
| 9 | W32/Klez.F | 2.47% |
| 10 | Trj/PWS.Bugbear | 2.30% |