Feeds

Spammers help Klez top the virus charts

Who will rid us of this pestilent pathogen?

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

Variants of the Klez worm were by far the most common viruses circulating on the Internet last month.

That's according to monthly statistics from managed services firm MessageLabs, which stopped more than 535,000 copies of the virus in August, up from 475,000 Klez-infected emails blocked in July. Klez has toppe the virus charts for five months in a row.

MessageLabs reports that virus infection rates are currently running at around one per 106 emails, which compares to one in 30 infected emails at the heights of the Goner and Love Bug epidemics.

In August MessageLabs blocked more than 520,720 emails infected with Klez-H alone, which became the worse virus ever in May, according to the company.

By comparison, the next most common virus, Yaha-E, was blocked only 161,353 times by MessageLabs during last month, with the infamous SirCam virus trailing in a distant third with 23,976 sightings.

Last month we received evidence from security experts that spammer's computer systems were infected with the Klez-H virus and spreading it along with their unsolicited emails.

Alex Shipp, Chief Anti-virus Technologist at MessageLabs, said its data couldn't confirm this theory, but spammers getting infected with the virus could be an important factor in explaining the prevalence of the virus.

The way the virus appears with random subject lines and spoofed email addresses of senders are also aiding to its spread, he says.

Klez is a mass-mailing worm, which searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages. It can also spoof the 'from' field in messages, a factor which has resulted in widespread confusion about the bug.

The subject and attachment name of incoming emails is randomly chosen, making it harder for users to spot. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. Klez is capable of infecting files.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found here. ®

Top ten viruses blocked by MessageLabs in August


  1. Klez-H
  2. Yaha-E
  3. SirCam
  4. Klez-E
  5. Yaha-C
  6. Magistr-B
  7. Hybris-B
  8. Magistr-A
  9. Nimda-E
  10. Tettona-A

    External Links

    Analysis of the spread of the Klez-H worm by MessageLabs

    Related Stories

    Klez tops the virus charts
    Klez-H is the worst virus ever - official
    Reg gets Yaha treatment from top exec
    Multiple virus scanning needed, says multiple scanning firm

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.