4.     TOP TEN VIRUSES AND HOAXES REPORTED TO SOPHOS IN NOVEMBER 2002

This is the latest in a series of monthly charts counting down the ten most frequently occurring viruses and hoaxes as compiled by Sophos, a world leader in corporate anti-virus protection.

For  November 2002, the chart is as follows, with the most frequently occurring virus at number one:

Position        Virus                           Percenptage of reports                       

  1.        W32/Bugbear-A                       29.4%                         

  2.        32/Braid-A                                 8.5%             NEW ENTRY

  3.        W32/Klez-H                               7.7%

  4.        W32/Opaserv-A                         5.4%             

  5.        W32/Opaserv-C                         5.1%     

  6.        W32/Flcss                                  4.6%            RE-ENTRY 

  7.        W95/Spaces                               3.3%            RE-ENTRY

  8.        W32/Opaserv-F                         2.5%            NEW ENTRY

  9.        W32/Oparserv-B                        2.1%

  10.        W32/Oparserv-D                        2.0%

                  Others                                      29.4%

 “Bugbear dominates the chart for the second month as it continues to out-fox users with its dual mode of attack – this worm can spread via email and network shares,” said Charles Cousins, Managing Director at Sophos Anti-Virus.  “It’s important that all users ensure they are protected against Bugbear because it implants code that can log victims’ keystrokes.  This means hackers have a perfect view of everything you type – this could include passwords, bank account details and credit card numbers.” 

Also making a big impact this month was the new Braid worm.  This is an email aware worm with an attachment.  However, if the recipient’s system is left unpatched against a Microsoft vulnerability, the virus can run automatically, as soon as the offending email is opened.  Alongside keeping anti-virus protection up to date, Sophos reminds users to patch against all known vulnerabilities and be suspicious of all unsolicited emails. 

Meanwhile, a new virus called Winevar worm (W32/Winevar-A), which Sophos believes was inspired by the Association of Anti-Virus Asia Researchers (AVAR) 2002 conference, held in late November in Seoul, Korea was also detected by Sophos last month. 

The Winevar worm drops the W32/Flcss worm (aka Fun Love) onto infected machines and spreads via an email with a subject line of “Re: AVAR (Associated of Anti-Virus Asia Researchers)”.  Furthermore, in a deliberate attempt to directly harm the anti-virus community, Sophos has found that the Winevar worm attempts to launch a denial of service attack on the website of US security firm, Symantec.  The worm shares code characteristics with the Braid worm (W32/Braid-A, first seen in early November), which has infected many computer users across the world.   

The Funlove worm and Spaces  virus make chart comebacks even though protection against these threats was issued back in 1999.

Sophos detected 817 new viruses, worms and Trojan horses in November, the total number it now protects against is 78,381.

The top ten hoaxes reported to Sophos during Novermber  2002 are as follows:

Position                        Hoax                                  Percentage of Reports

  1.             JDBGMGR                                                 22.0%

  2.             Budweiser frogs screensaver                        11.5%

  3.             Meninas de Playboy                                       7.9%

  4.             Hotmail hoax                                                  5.5%

  5.             A virtual card for you                                      5.0%

  6.             Bonsai kitten                                                   3.5%

  7.             Mobile phone hoax                                         3.2%

  8.             Frog in a blender/fFish in a bowl                     2.8%

  9.             Bill Gates fortune                                             2.5%

  10.             WTC Survivor                                                 2.1%

                      Others                                                            33.9%

 All too often, users receiving email warnings of viruses circulate them to all their contacts in the mistaken belief they are doing good.  In reality, these actions cause uncertainty, waste bandwidth, clog up email servers and spread disinformation,” continued Cousins.  “Instead, businesses should instruct all employees to send all such emails to a single, nominated person who is responsible for checking out whether the threat is real or fake”. 

Sophos has made available a free, always-fresh, information feed for intranets and websites  which means users can always find out about the latest viruses and hottest hoaxes.

http://www.sophos.com/virusinfo/infofeed/ 

Graphics of the above Top Ten virus chart are available at:

http://www.sophos.com/pressoffice/imgallery/topten

For more information about safe computing, including anti-hoax policies, please visit:

http://www.sophos.com/safecomputing 

About Sophos  

Sophos is one of the world’s largest specialist developers of anti-virus software.  Headquartered in the UK, its products are sold and supported through a global network of subsidiaries and partners in more than 150 countries.  Sophos solutions are specifically designed to protect businesses and organisations from virus attack.  The company’s products are widely deployed by  large corporations, banks and governments.

 Back