Two worms — Klez and Yaha — continue to plague users around the world, despite months of
warnings to install the patches needed to easily fend them off.
Variants of the Klez worm, the Yaha worm and the Avril worm are still causing enough
problems to make two separate lists of the top worms and viruses for the month of March.
Sophos Inc. and Central Command Inc., both antivirus vendors, put the three worms on their
list of notorious elite. A Sobig variant, along with Nimda and Bugbear, also found spots on
the listings.
”Remarkably, the Internet worms, Klez.E and Yaha.E have remained number one and number two
[on our list] for the past five months,” says Steven Sundermeier, a product manager with
Central Command. ”This is a clear indication that many users continue to ignore the
importance of installing and maintaining up-to-date antivirus software.”
Klez.E accounted for 21.6 percent of all virus infection reports at Central Command last
month. Yaha.E reports accounted for 10.8 percent.
At Sophos, the highest-ranked new entry to March’s virus list is Gibe-D, a variant of the
Gibe worm which spreads through the KaZaA network. ”It indicates the growing popularity of
file sharing,” says Chris Belthoff, a senior product manager at Sophos. ”Businesses need
to rethink whether these applications have a valid place on their networks.”
At Central Command, new viruses on the list included the Ganda worm and the NiceHello worm.
Ganda is designed to prey on the world’s interest in the events in the Middle East. One body
message claims the email contains pictures taken by one of the U.S. spy satellites during a
mission over Iraq. The NiceHello worm emails itself to addresses found on the MSN Messenger
contact list. The email contents are written in Spanish.
Sophos reports that it detected 883 new viruses, worms and Trojan horses in March.
Sophos also reports that a new hoax has taken the highest spot in the company’s list of top
hoaxes.
”The WTC Survivor hoax, which falsely warns of a Sept. 11 themed virus, has taken over the
number one slot for the first time in a year,” says Belthoff. ”People receiving this hoax
should ignore its advice and not email the warning to everyone they know. Much like real
viruses, hoaxes clog mail servers and cause unnecessary confusion.”