Ranking of The Most Frequently Detected Viruses in 2003

Panda Software, a leading developer of antivirus software, has published its ranking of the Top Ten viruses most frequently detected by Panda ActiveScan in 2003.

The Bugbear.B worm has been the malicious code that has affected most computers this year, reaching the figure of over eleven percent. This could be explained by its capacity to mass-mail itself and to exploit a vulnerability in Internet Explorer to run automatically.

Second place is taken by Klez.I. This worm, first detected in April 2002, continues to cause a lot of infections, and has been responsible for over eight and a half percent of infections.. Various factors contribute to this figure, including its ability to run automatically; its use of so-called social engineering techniques to trick users; and its ability to go unnoticed, so that users don’t even know that their computers have been infected by it.

The Trojan horse PSW.Bugbear.B (at just under six and a half percent) comes third in this Top Ten. This is not surprising, given that this malicious code is closely linked to the Bugbear.B worm, which downloads it to computers.

In fourth position is the Blaster worm (with over five percent). This worm appeared in August and caused a worldwide epidemic by exploiting a recently discovered vulnerability in some versions of Windows operating systems. However, a computer infected with Blaster is generally easy to recognize, as a programming error in the virus causes the computer to periodically restart, and as a result, users have gradually installed the patches that fix the vulnerability. Therefore, even though it continues to appear in the lists of the most frequently detected viruses published each month; it is gradually causing less infections.

The polymorphic Parite.B virus (at a little over five percent) is another one of the Top Ten viruses in 2003, ranking fifth. This virus could be described as ‘discrete but persistent’, as it has made most of the rankings of the most frequently detected viruses since November 2001, without causing an epidemic. Its staying power could be down to the variety of means it uses to spread (CD-ROMs, floppy disks, e-mail, etc.).

Mapson (at just under five percent) is another of the viruses in the 2003 Top Ten ranking. This worm’s capacity to spread via e-mail, MSN Messenger and P2P applications meant that it initially spread very quickly, giving it sixth place in this list.

In seventh place is Enerkaz (at just under four percent), a worm that was discovered in December 2002, which spreads through different means. After Enerkaz comes NoClose (also at just under four percent), one of the few Trojan horses to make this ranking.

Closing the Top Ten are the first worm in the Bugbear family (at just under three and a half percent), and a minor variant of this worm called Bugbear.B.Dam (at around two and a half percent).

Some conclusions can be drawn from these statistics. Firstly, there are many computers that do not have antivirus protection installed or, if they do, it has not been updated for a long time. This explains the large number of ‘veteran’ viruses in the ranking, such as Bugbear.B. Similarly, the fact that many of these malicious code, such as Blaster, exploit vulnerabilities in the software installed on the computer suggests that many users have not installed the patches released by the manufacturers to fix these flaws. As a result, worms such as Klez.I, which exploit vulnerabilities that were discovered and fixed many months ago, are able to continue infecting computers.

Virus % Frequency

W32/Bugbear.B 11.21%
W32/Klez.I 8.59%
Trj/PSW.Bugbear.B 6.45%
W32/Blaster 5.32%
W32/Parite.B 5.10%
W32/Mapson@MM 4.73%
W32/EnerKaz 4.42%
Trj/JS.NoClose 3.59%
W32/Bugbear 3.43%
W32/Bugbear.B.Dam 2.52%

OPIS

Subscribe to the Help Net Security breaking news e-mail alerts:

OPIS

Don't miss