October 1, 2003 - BitDefender and Command Central released their lists of top computer viruses and worms for September 2003. At the top of the BitDefender list are two nasty worms that wrecked hundreds of thousands of computer systems in August - MsBlast.A and Sobig.F, producing damages of billions of dollars. The BitDefender list also introduces a brand new menace, Swen.A, another disgusting creature worming its way to infamy.
| Ranking | ||
| 1 | Win32.Msblast.A (19.0%) | Worm/Sobig.F (67.5%) |
| 2 | Win32.Swen.A@mm (16.0%) | Worm/Gibe.C (8.6%) |
| 3 | Win32.Sobig.F@mm (13.3%) | Worm/Nachi.A (3.9%) |
| 4 | Win32.BugBear.B@mm (12.0%) | Worm/Dumaru.A (3.7%) |
| 5 | Trojan.Exploit.Java.Bytverify (10.2%) | Worm/Klez.E (including G) (3.0%) |
| 6 | Win32.Klez.H@mm (9.0%) | Worm/MiMail.A (2.9%) |
| 7 | Win32.Parite.B (7.2%) | Worm/Lovsan.A (1.8%) |
| 8 | Win32.HLLP.Hanta.A (5.0%) | Worm/BugBear.B (1.7%) |
| 9 | Backdoor.SDBot.gen (4.7%) | Worm/Sobig.A (1.0%) |
| 10 | JS.Trojan.NoClose.K (3.6%) | Worm/Sircam.A (0.5%) |
Sobig.F also tops the Command Central list. "Despite having a self-termination date of September 10th, 2003 that crippled its aggressive emailing spreading routine, the massive volume of infection reports prior to the de-activation date easily secured Worm/Sobig.F as the top spot," said Steven Sundermeier, Vice President of Products and Services at Central Command, Inc.
According to Central Command's EVRT, the top new nuisance was Worm/Gibe.C. "Worm/Gibe.C was crafted to disguise itself as a cumulative security patch from Microsoft. The closely mirrored emails combined with the hot topic of patching vulnerable systems mislead users down the path of virus infection."
BitDefender notes that a certain amount of novelty is brought by the nasty shape of Swen.A, originally mild, but eventually tough for a lot of users. Under the guise of "September 2003, Cumulative Patch," the virus looks to exploit an old flaw in Microsoft's Internet Explorer Web browser. Microsoft issued a fix for the problem in March 2001, so lamentations are overdue.
Swen's spreading and damage are linked so far to the fact that social engineering tricks - such as masquerading - still work among common users. In spite of recent experiences with some uglier cyber-creatures, users haven't really learned their lesson well. Although Swen's harsh attack on the Internet didn't result in the kind of damage Windows users have somehow gotten used to, virus researchers say that some 200,000 computers were infected by Swen so far. In a fair estimation, that kind of spreading leaves Swen pretty low comparing to the threats we've seen lately, that is - Sobig.F mainly.
Nevertheless, this should not be regarded as a threat for companies that strip executables at their gateway. Moreover, the fake alert e-mail should command some immediate attention, considering that Microsoft doesn't send patches via e-mail. Instead, it refers people to its download page and that has been seen as a keen issue by users too many times, the more reason for everyone to recall Microsoft's demeanor. Speaking of the devil, BitDefender has prepared a mechanism of alert and instant patching against obvious security breaches.
Still, Swen's caused some disturbance and people were advised, once more to tighten their security and patch their systems. That alone can turn this issue of our Evil Top into another hope that someday users will be more aware of malware dangers. As for the computer damage and productivity losses, nobody would like to look forward to another similar evil summit this year.