The Register®

Original URL: http://www.theregister.co.uk/2002/04/30/klez_storms_monthly_virus_charts/

Klez storms monthly virus charts

Klutzes infected by virus variants

By John Leyden

Posted in Security, 30th April 2002 18:49 GMT


Variants of the Klez worm were by far the most common viruses circulating on the Internet this month.

That's according to monthly statistics (http://www.messagelabs.com/viruseye/default.asp?by=month) from managed services firm MessageLabs, which stopped 422,507 viruses in April, way up on the 161,904 it blocked in March, after a mercifully quiet start to the year in terms of virus infections. MessageLabs reports that virus infection rates are currently running at around one per 265 emails, which compares to one in 30 infected emails at the height of the Goner and Love Bug epidemics.

Antivirus vendors such as Symantec have recently upgraded the threat level posed by Klez, but the worm is more accurately described as the latest high-profile virus rather than one of the most damaging.

In the last four weeks MessageLabs blocked 251,171 emails infected with Klez-H, with 40,239 SirCam infection-bearing emails stopped, and Klez-E (37,831) also featuring prominently in its monthly chart.

Klez is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages.

The subject and attachment name of incoming emails are randomly chosen, making infected messages harder for users to spot. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. Klez is capable of infecting files.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found here (http://www.microsoft.com/technet/security/bulletin/MS01-020.asp). ®
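Because the subject and attachment name are random, a gateway check has to key on the attachment extension rather than the name. The following is an added example, not code from the article or from MessageLabs: a mail-filter check using Python's standard `email` module, where the function name `flagged_attachments` and the sample message are constructed for illustration.

```python
import email
import os.path
from email import policy

# Extensions the article lists for Klez attachments.
KLEZ_EXTENSIONS = {".bat", ".exe", ".pif", ".scr"}


def flagged_attachments(raw_message: bytes) -> list:
    """Return the filenames of MIME parts whose final extension is listed."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces in file names, so strip
        # them before taking the extension; compare case-insensitively.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        if ext in KLEZ_EXTENSIONS:
            hits.append(name)
    return hits


# Constructed sample message (hypothetical, not a real capture).
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="Report.DOC.PIF"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n\r\n'
    b"harmless text\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="setup.scr."\r\n\r\n'
    b"AAAA\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(flagged_attachments(SAMPLE))
```

The check looks only at the last extension, so a double-extension name such as `Report.DOC.PIF` is still flagged.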

Top ten viruses blocked by MessageLabs in April


  1. Klez-H
  2. SirCam
  3. Klez-E
  4. Magistr-B
  5. Hydris-B
  6. Magistr-A
  7. BadTrans-B
  8. Vavidad.E1
  9. Yaha-A
  10. MyLife-J


External Links

Analysis of the spread of the Klez-H worm by MessageLabs (http://www.messagelabs.com/viruseye/report.asp?id=100)
