Information Age: News, analysis & insight for IT & business leaders

 
21 March 2010

Klez most widespread virus in 2002

10 February 2006  


5 December 2002 Just three viruses accounted for more than half of all computer virus infections during 2002, according to anti-virus software vendor Sophos.

Even more surprisingly, the email worm Klez accounted for a quarter of the total, despite the fact that a fix for the hole in Microsoft Outlook that it exploits had been available for more than a year when it was first identified.

"Unlike previous chart toppers like the LoveBug, which disappeared almost as quickly as it arrived, Klez is the ultimate in slow burning worms. It has managed to consistently infect users throughout the year," said Graham Cluley, senior technology consultant at Sophos.

 
Top ten viruses in 2002

Klez 24.1%
Bugbear 17.5%
Badtrans 14.6%
Elkern 4.6%
Magistr 4.2%
MyParty 2.2%
Sircam 2%
Yaha 1.9%
Frethem-Fam 1.4%
Nimda 1.2%
Others 26.3%

Source: Sophos
 
 

Instead of the user having to double-click on an attachment to activate the virus, Klez can be activated on unpatched PCs by the user simply viewing the email in Outlook's 'preview pane'.

Furthermore, while most Outlook worms do little more than send copies of themselves automatically to everyone in the user's address book, Klez's payload includes variants of the Elkern virus that disables anti-virus software.

Klez was particularly prevalent among poorly protected and technically illiterate home users.

It was just one of 7,189 viruses identified by Sophos during the year, although only a tiny fraction of that number are virulent enough to infect more than a handful of machines.

Most ominous of these, perhaps, was a 'proof of concept' virus distributed by virus writer 'Gigabyte'. Called Sharp, it is designed to demonstrate security shortcomings in Microsoft .Net, the software giant's web services technology.

Sharp does not cause any significant damage beyond sending itself to everyone in the user's Outlook address book. But if it detects the presence of .Net, it displays the message, "You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase".

Cluley also warns that virus writers are increasingly trying to spread remote access 'Trojans', hacking tools enabling them to take control of infected users' PCs and discover passwords to sensitive systems, such as corporate networks and online banking services.

Other new threats expected to surface in 2003 include worms targeting instant messaging services. But Cluley remains sceptical that handheld computers will be targeted soon because of their general lack of network connectivity.

Infoconomy links:
Sophos' top ten viruses and hoaxes in 2002

