August 1, 2002 11:00 AM PDT

Klez remains atop virus lists

Related Stories

Klez.h wins sibling rivalry

May 28, 2002

Are you the Klez monster?

May 17, 2002

Klez worm reborn as nastier version

February 11, 2002
The Klez worm is shaping up as the Lance Armstrong of computer pests, topping lists of the most active viruses for yet another month, although several new bugs made strong showings.

The E and G variants of Klez were by far the most common infections in July, according to lists released Thursday by antivirus software and services companies Central Command, Sophos and Kaspersky Labs.

The remarkably durable versions of the Klez worm surfaced early this year and quickly munched their way into the record books, overtaking SirCam as the most active computer pest in recent history.

Security experts have attributed Klez's durability to its capacity for disguise, fooling recipients into opening infected messages. Klez-created e-mail messages can contain any of several dozen subject lines, such as the popular "An excite game!" and randomly spoof an e-mail address to mask the true sender.

Virus writers have kept busy during Klez's rampage, however, as indicated by the presence of several new pests in July's Top 10 lists. The Frethem virus has spread through infected e-mail messages purporting to contain a vital Windows password.

"Frethem uses a simple psychological trick to reel users in," said Stuart Palmer, managing director at Sophos.

Also making the charts was Yaha, which began as typical mass-mailing worm but mutated with its "E" variant into a political tool that used infected PCs to launch rudimentary denial-of-service attacks against the main Web site of the Pakistani government.

Steven Sundermeier, product manager for Central Command, noted that the overall number of virus reported in July was down slightly from the previous month.

"Whether this is due to an increasing awareness of malicious code or simply because more users are on vacation and away from their computers, it's a trend we hope will continue," he said in a statement.


Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.