Go to the FreeLists Home Page Home Signup Help Login 		 



[cybercrime-alerts] || [Date Prev] [05-2002 Date Index] [Date Next] || [Thread Prev] [05-2002 Thread Index] [Thread Next]

Chernobyl virus rides Klez's coattails

  • From: alerts@xxxxxxxxxxx
  • To: cybercrime-alerts@xxxxxxxxxxxxx
  • Date: Mon, 06 May 2002 16:50:49 -0400

Chernobyl virus rides Klez's coattails
By David Becker
Staff Writer, CNET News.com
May 6, 2002, 12:30 PM PT
http://news.com.com/2100-1001-900050.html

The Klez worm just keeps on giving.
The persistent pest, which made a strong comeback last month in the form of the 
Klez.h variant, is now helping revive the Chernobyl virus, according to a new 
report from antivirus company Symantec.

The report says that a virus known as W95.CIH.1049, a slight variation of the 
W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, 
has been detected in recent infections of the Klez worm. The main difference 
with the new virus is that it's set to activate on Aug. 2 of every year, as 
opposed to the April 26 attack date of the original Chernobyl.

Vincent Weafer, senior director of Symantec's Security Response team, said the 
company began seeing Chernobyl-infected messages last week, but they continue 
to account for only a handful of the thousands of Klez infested messages the 
company sees daily. Weafer said the viral bonus wasn't intentional but rather a 
by-product of Chernobyl-infected PCs also propagating the Klez worm.

"As far as (Chernobyl) is concerned, the Klez worm is just another file to 
infect," Weafer said. "It's quite common to see piggybacking effects when you 
have worms that have been propagating for a long time in the world."

Even though Chernobyl is ancient by virus standards and easily detected by 
almost any antivirus software, Weafer said it's not unusual to have bugs still 
making the rounds years after their debut.

"When you look back at viruses, you see recurrences," Weafer said. "They can 
live for many years out in the wild."

The first version of the Klez worm surfaced early last year, with subsequent 
variations causing damage ranging from moderate to minor. Bug writers hit pay 
dirt with the Klez.h variant, however, which quickly became one of the most 
active worms ever after it surfaced last month.

Moscow-based security company Kaspersky Labs recently ranked Klez as by far the 
most active e-mail threat in April, responsible for 94.5 percent of all 
incidents reported during the month.

British e-mail screening firm MessageLabs ranks Klez.h as No. 3 on its list of 
all-time most active computer pests, with more than 391,000 infections 
intercepted. At current rates of infection, Klez.h should surpass the No. 2 
bug, BadTrans.b, in a few days. It'll have a long way to go, however, to catch 
the all-time champ, the SirCam worm, still going strong with more than 748,000 
interceptions to date.








--
This was sent to you from http://theMezz.com
To Subscribe/Unsubscribe go to http://techPolice.com

* Our Monthly Tech NewsLetter is at http://theMezzenger.com *




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2008 Avenir Technologies, LLC.