Central Command: Top 12 Viruses For September 2002
Worm/Klez.E Continues Its Dominance, September 30th Worm/Tanatos Outbreak Catches Users Off Guard
Central Command, a leading provider of PC anti- virus software and computer security services today released its monthly listing of the top twelve viruses reported for September, 2002. The report, coined the “Dirty Dozen”, is based on the number of virus occurrences confirmed through Central Command’s Emergency Virus Response Team.
The table below represents the most prevalent viruses for September 2002, number one being the most frequent.
Ranking Virus Name Percentage
1. Worm/Klez.E (incl. G variant) 29.3%
2. Worm/Yaha.E 16.8%
3. W32/Elkern.C 10.8%
4. Worm/W32.Sircam 10.4%
5. W32/Nimda 4.7%
6. W32/Magistr.B 4.4%
7. W95/Hybris 3.0%
8. Worm/Badtrans.B 2.3%
9. W32/Funlove 1.8%
10. W32/Magistr.A 1.0%
11. Worm/Tanatos 0.5%
12. VBS/Redlof.A 0.5%
“It comes as no surprise that Worm/Klez once again topped our charts. Despite adequate protection against Klez, it’s one of those viruses that doesn’t seem to go away. The longevity of this worm speaks for itself,” said Steven Sundermeier product manager at Central Command, Inc. Worm/Klez.E infections accounted for over 52.1% of all Central Command’s total infections reported for the summer months of 2002 (June through September).
Central Command also observed last minute virus action thanks in part to the Worm/Tanatos and Worm/OpaSoft outbreaks occuring on the 30th of the month. Worm/Tanatos is a network aware Internet worm that attempts to spread through email. It drops a keylogging component, opens the TCP port 36794, potentially allowing remote administration on the infected computer, and kills various security applications. “We are seeing the deactivation of antivirus software becoming a high priority among virus authors today. The list of security applications to switch-off continues to grow with each new piece of malicious code,” concluded Sundermeier. Worm/Opasoft is an Internet worm that spreads via open network shares. It possess backdoor trojan capabilities.