Feeds

Spammers help Klez top the virus charts

Who will rid us of this pestilent pathogen?

  • alert
  • submit to reddit

Remote control for virtualized desktops

Variants of the Klez worm were by far the most common viruses circulating on the Internet last month.

That's according to monthly statistics from managed services firm MessageLabs, which stopped more than 535,000 copies of the virus in August, up from 475,000 Klez-infected emails blocked in July. Klez has toppe the virus charts for five months in a row.

MessageLabs reports that virus infection rates are currently running at around one per 106 emails, which compares to one in 30 infected emails at the heights of the Goner and Love Bug epidemics.

In August MessageLabs blocked more than 520,720 emails infected with Klez-H alone, which became the worse virus ever in May, according to the company.

By comparison, the next most common virus, Yaha-E, was blocked only 161,353 times by MessageLabs during last month, with the infamous SirCam virus trailing in a distant third with 23,976 sightings.

Last month we received evidence from security experts that spammer's computer systems were infected with the Klez-H virus and spreading it along with their unsolicited emails.

Alex Shipp, Chief Anti-virus Technologist at MessageLabs, said its data couldn't confirm this theory, but spammers getting infected with the virus could be an important factor in explaining the prevalence of the virus.

The way the virus appears with random subject lines and spoofed email addresses of senders are also aiding to its spread, he says.

Klez is a mass-mailing worm, which searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages. It can also spoof the 'from' field in messages, a factor which has resulted in widespread confusion about the bug.

The subject and attachment name of incoming emails is randomly chosen, making it harder for users to spot. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. Klez is capable of infecting files.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found here. ®

Top ten viruses blocked by MessageLabs in August


  1. Klez-H
  2. Yaha-E
  3. SirCam
  4. Klez-E
  5. Yaha-C
  6. Magistr-B
  7. Hybris-B
  8. Magistr-A
  9. Nimda-E
  10. Tettona-A

    External Links

    Analysis of the spread of the Klez-H worm by MessageLabs

    Related Stories

    Klez tops the virus charts
    Klez-H is the worst virus ever - official
    Reg gets Yaha treatment from top exec
    Multiple virus scanning needed, says multiple scanning firm

Internet Security Threat Report 2014

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.