sign in sign up
<<
Home , Code Red (computer worm), Klez

Viruses, infections and protection

www.pandPanasdao Sftowftawraer.ec. omSoluciones Antivirus para Empresas.

December 2003 © Panda Software Viruses, infections and protection

Virus epidemics in 2003 and antivirus protection

At present, a large number of computers around the world lack adequate antivirus protection, as shown by the virus epidemics throughout the year 2003 caused, in most cases, by ‘old’ malicious codes.

In contrast with the situation in the past (when some malicious codes were able to spread very quickly but then disappeared shortly after), this year, infections have been mostly caused by viruses whose proliferation has not diminished so rapidly. Actually, they have managed to persist long after antivirus vendors had an antidote against them. This is one of the conclusions that can be extracted from the ranking of the Top Ten viruses most frequently detected by Panda ActiveScan -Panda Software's free online scanner- in 2003.

Top Ten viruses most frequently detected by Panda ActiveScan in 2003

Virus % of infections First appeared

W32/Bugbear.B 11.21% June 2003

W32/.I 8.59% April 2002 Trj/PSW.Bugbear.B 6.45% June 2003

W32/ 5.32% August 2003 W32/Parite.B 5.1% November 2001

W32/Mapson@MM 4.73% June 2003

W32/EnerKaz 4.42% December 2002

Trj/JS.NoCLose 3.59% January 2003

W32/Bugbear 3.43% September 2002

W32/Bugbear.B.Dam 2.52% June 2003

Bugbear.B (11.21%) tops this ranking largely due to its ability to spread massively by e-mail, and the way that it exploits a vulnerability in Explorer to run automatically. The country most affected by Bugbear,B during 2003 was Portugal, followed closely by El Salvador and Guatemala.

W32/Bugbear.B % of infections in the country Most affected countries

Portugal 21.88

El Salvador 20.86 Guatemala 20.12 Costa Rica 19.61

Belgium 18.42

www.pandasoftware.com Page 1 Viruses, infections and protection

Second on the list is Klez.I (8.59% of infections). In this case, Guatemala, USA and Costa Rica were the countries most affected by this malicious code. Even though Klez.I appeared in April 2002, it has continued to cause incidents. There are several reasons for this: its capacity to run automatically, its use of ‘social engineering’ techniques to trick users, and its ability to go unnoticed so that users do not know their computers are actually infected by it.

W32/Klez.I % of infections in the country Most affected countries

Guatemala 12.55

USA 12.44 Costa Rica 10.59 Ecuador 10.59

Spain 10.03

Closely linked to the worm Bugbear.B is the Trojan PSW.Bugbear.B (6.45%), which ranks third on the list. This Trojan has been especially virulent in Portugal, Costa Rica and El Salvador.

Trj/PSW.Bugbear.B % of infections in the country Most affected countries

Portugal 14.78

Costa Rica 12.45 El Salvador 11.44 Guatemala 11.36

Italy 10.39

Fourth place is occupied by Blaster (5.32%). This worm first appeared in August, and thanks to its capacity to exploit a security flaw recently discovered in some versions of Windows operating systems, was able to unleash a worldwide epidemic particularly devastating in Hungary, Switzerland and Germany.

W32/Blaster % of infections in the country Most affected countries

Hungary 11.19

Switzerland 10.38 Germany 8.91 Portugal 8.78

Norway 8.36

www.pandasoftware.com Page 2 Viruses, infections and protection

The polymorphic Parite.B virus (5.1%) is another infamous protagonist of this 2003 Top Ten. Although it hasn’t caused a large epidemic, it has managed to stay in most of the lists of viruses most frequently detected ever since it appeared in November 2001. It has been notably persistent in Germany, the Dominican Republic and Sweden.

W32/Parite.B % of infections in the country Most affected countries

Germany 11.80

Dominican Republic 10.87 Sweden 10.09 Poland 8.12

Israel 7.89

Sixth on the list is Mapson (4.73%), a worm which can spread via e-mail, MSN Messenger and P2P applications and spread widely in countries like Peru, Mexico and Venezuela.

W32/Mapson@MM % of infections in the country Most affected countries

Peru 13.31 Mexico 11.97 Venezuela 10.87 Bolivia 10.42

Panama 9.67

Next comes Enerkaz (3.59%), a worm which was first detected in December 2002 and uses several means of propagation. It had a special impact in the United Kingdom, France and Germany.

W32/EnerKaz % of infections in the country Most affected countries

United Kingdom 7.25

France 7.00 Germany 6.96 Holland 6.56

Canada 6.09

www.pandasoftware.com Page 3 Viruses, infections and protection

Eighth place was taken by NoClose (3.59%), one of the few Trojans on the list, which affected chiefly Australia, Canada and Guatemala.

Trj/JS.NoCLose % of infections in the country Most affected countries

Australia 6.99

Canada 6.27 Guatemala 6.01 USA 5.96

Bolivia 5.15

The ranking is completed by W32/Bugbear (3.43%) -the first virus in the Bugbear family to be discovered- and one of its minor variants, Bugbear.B.Dam (2.52%). In both cases the largest number of incidents took place in Uruguay and Australia.

W32/Bugbear % of infections in the country Most affected countries

Uruguay 8.20 Australia 7.90 Ecuador 6.71 Argentina 6.17

France 5.66

W32/Bugbear.B.Dam % of infections in the country Most affected countries

Uruguay 6.77

Australia 6.07 Ecuador 5.82 Guatemala 5.72

Costa Rica 5.59

www.pandasoftware.com Page 4 Viruses, infections and protection

Unprotected computers = "Persistent" viruses

As soon as a new virus is detected, antivirus developers get straight down to work to offer users an antidote. Taking this into account, it is highly significant that Bugbear.B -which appeared in June 2003- and Klez.I -which dates back to April 2002- are the two viruses that have caused the largest number of infections this year.

The presence of Bugbear.B and Klez.I in the 2003 ranking of viruses most frequently detected -compiled with data collected by Panda ActiveScan-, clearly indicates that there is a large number of computers that lack antivirus protection, or the one they have has not been updated for a long time. This conclusion is also backed up by the following facts:

- The presence of Parite.B in the ranking. This virus has appeared in the list of viruses most frequently detected ever since it first appeared in November 2001.

- The absence from the list of the most recent viruses.

Another important fact is the prominence of the Bugbear family, as four members of the family are found in the Top Ten ranking, which is topped by Bugbear.B.

The main consequence of the fact that a large number of computers lack adequate protection is the existence of a significant number of viruses “attacking” both protected and unprotected computers, as shown by the graphs below. These show the evolution of the impact (% of infected PCs), around the world, of the five viruses that top the ranking of the Top Ten viruses most frequently detected by Panda ActiveScan in 2003.

www.pandasoftware.com Page 5 Viruses, infections and protection

Additionally, many malicious codes in the 2003 Top Ten -such as Bugbear.B, Klez,I, Blaster, etc.- take advantage of vulnerabilities in the software installed on computers, which indicates that many users have not installed security patches released by vendors to fix those flaws. Due to this, worms like Klez.I, which exploits vulnerabilities found and fixed months ago, continue to infect computers.

www.pandasoftware.com Page 6 Viruses, infections and protection

The problem behind the problem

The main reasons given by users to explain why their computers don’t have protection are:

- They don’t use the Internet much or only connect to sites they already know. They only exchange mail with friends and relatives.

- They don’t know much about the issue or don’t care much about it.

- They think antivirus programs are expensive, believe they are protected in some way or prefer to take the chance.

In short, it is important that users know the risks posed by computer viruses, take preventive protection measures, and become aware of the importance of having an effective antivirus properly updated. Only in that way will they be able to minimize the information and productivity losses virus infections can cause and which result in significant economic losses, as shown in the table below:

Economic losses caused by virus infections (*)

DateMalicious codeLosses (million euros)

May 2000 I love you 10,000 Year 2001 2,970 Year 2001 Sircam 1,304 January 2003 Slammer More than 705

(*) Source: Computer Economics

www.pandasoftware.com Page 7