Sophos issues summary of virus activity for last six
Sophos, a world leader in corporate anti-virus protection, has
announced that it has detected and protected against 3,279 new
viruses in the first six months of 2002. During this period, the
single most prevalent virus was Klez-H, which was first
reported in March 2002. All ten of the most prolific viruses in
January to June 2002 were mass-mailing Windows 32 viruses.
"What we see here is a clean sweep for Windows 32 viruses,
taking every position of the top 10 chart," said Graham Cluley,
senior technology consultant, Sophos Anti-Virus. "The days when
Word macro and script viruses caused the most infections seem to be
long gone. Worms and viruses that spread using networking functions
or email clients currently dominate enquiries to our customer
For the first six months of 2002, the top ten viruses (as
recorded by Sophos's helpdesk) are as follows, with the most
frequently occurring virus at number one:
"As expected, Klez-H tops the chart.
Klez-H is a sobering reminder that viruses continue to present a
serious threat, and that it is vital enterprises follow safe
computing practices and keep anti-virus protection updated,"
continued Cluley. "However, Klez-H wasn't the only big hitter.
Nimda and Sircam, which were all
released during 2001, were an ugly hangover for many users well
into this year."
In runner-up position is Badtrans-B. First seen in November
2001, this worm drops a password-stealing Trojan horse onto the
infected user's computer. However, this virus is easy for the wary
to spot as it arrives as a file attachment with a double extension.
Sophos advises that, as well as keeping protection up to date,
enterprises block these file types at the email gateway. Companies
introducing this policy after the Love Bug would not only
have avoided infection from Badtrans-B, but also Anna Kournikova, Sircam and
many other recent viruses.
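
A sketch of the gateway check described above, as an added example that is not Sophos's code or part of the original release: it parses a raw message and flags attachments whose final extension is executable, marking the double-extension case separately. The extension lists, function names and sample attachment names are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed gateway policy, not a list from the article: final extensions
# that Windows executes, and harmless-looking inner extensions used as decoys.
BLOCKED_FINAL = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "lnk"}
DECOY_INNER = {"txt", "doc", "xls", "jpg", "gif", "mp3", "mpg", "htm", "html", "zip"}


def classify(filename):
    """Return 'double-extension', 'executable', or None for one attachment name."""
    # Normalise case and trailing dots/spaces before splitting.
    parts = filename.strip().rstrip(". ").lower().rsplit(".", 2)
    if len(parts) < 2 or parts[-1] not in BLOCKED_FINAL:
        return None
    if len(parts) == 3 and parts[1].strip() in DECOY_INNER:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message; return (filename, verdict) per flagged part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        verdict = classify(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed test message with four attachments (names are made up)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    for name in ("README.TXT.pif", "report.doc", "setup.exe", "notes.v2.txt"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"BLOCK {name!r}: {verdict}")
```
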
At number three in the chart is ElKern-C. Piggybacking on
Klez-H, this worm is able to disarm anti-virus scanners. Those
users protected against Klez-H have nothing to fear from this
Two variants of the Magistr worm still make the chart, even
though they were released as far back as May and September 2001.
The continued success of Magistr lies in its ability to randomly
generate a new subject line and text each time it propagates - this
makes it harder to spot. Computer users who regularly update their
protection should avoid infection.
Other developments in the first six months of 2002 included:
- The Bound
worm, which was the ninth most reported worm in this period, was
unusual for its capability to communicate in either English or
Japanese. This characteristic made it easier for the worm to cross
international boundaries without arousing suspicion.
- Virus hoaxes continued to cause panic with threats of the
circulating in numerous languages. Sophos urges computer users to
double-check whether a virus warning is genuine or not by visiting
a recognised anti-virus website for confirmation.
- In May, David L Smith, the author of the Melissa virus, was
sentenced to 20 months in prison and a $5000 fine by the US
- Two new proof-of-concept viruses have emerged during 2002.
Sharp-A, the first
worm written in C#, Microsoft's newest programming language, was
detected in March. Perrun-A, the first virus
capable of infecting JPEG graphics files, was first seen in June.
Neither Sharp-A nor Perrun-A is circulating in the wild, and as
such neither represents a threat to computer users.
Clinton and Shakira all joined the
growing list of celebrities whose names and images have been used
to dupe unsuspecting users into opening up malicious code.