News

Sophos: Klez worm tops 2002 chart

The Klez worm was the most prolific virus in 2002, according to statistics released by anti-virus company Sophos.

Klez, which first appeared at the end of 2001, accounted for 24% of all viruses reported to customer support representatives at Sophos.

The worm, which has a number of variants, exploits a vulnerability in Microsoft Outlook and Outlook Express and is unleashed when users open or even preview an e-mail message carrying the worm.

Klez also inserts the virus W32.ElKern.3326 on infected machines.

The worm has exhibited a knack for survival, steadily infecting new users more than a year after its appearance, despite the almost simultaneous release of software patches and anti-virus signatures designed to thwart it, according to Chris Wraight, a technology consultant at Sophos.

He added that the persistence of Klez sets it apart from its predecessors, such as LoveBug, which dropped from visibility soon after it appeared.

Second to Klez on Sophos' list of top-ten viruses was the Bugbear worm, which surfaced in October and accounted for 17% of all incidents in 2002.

Among the virus trends Sophos identified in 2002 was the use of so-called "sender forging," in which legitimate e-mail addresses are swapped to replace the address of the real sender of the worm.

These types of "social engineering" tricks will continue to be used and continue to work in 2003, with virus writers using pictures to entice people to open attachments containing viruses.

"Social behaviour being what it is, those tricks are going to continue to work," Wraight said.

Most virus-writing kits that streamline the creation of new viruses are written for Windows, he added.

Worms targeting instant messaging applications such as AOL Instant Messenger will continue to be a threat in 2003, according to Sophos. Viruses written in new languages such as Microsoft's C# are also possible.

However, Wraight was sceptical that viruses targeting the growing number of mobile devices and personal digital assistants (PDAs) would surface next year. "I think it's probably not an issue until 2004. The connectivity isn't there yet and the devices themselves aren't capable of it."

As with other viruses targeting traditional computers, Wraight said keeping desktop anti-virus software up to date on computers that synchronise with PDAs was crucial to preventing the outbreak on mobile devices and PDAs.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy