Weekly Virus Report – Klez Dominance and Bride Worm
Virus news this week has centered on the appearance of Bride.B and the continued dominance of Klez.I (W32/Klez.I) and Bugbear (W32/Bugbear) at the top of the ranking of the most virulent malicious code, as compiled from data provided by Panda ActiveScan, the free online antivirus from Panda Software.
Over the last seven days, Klez.I was the culprit on 13.64 percent of the computers on which ActiveScan detected an infection, followed by Bugbear (6.63%) and Bride (W32/Bride) (3.86%). The top three are closely followed by Trj/PWS.Bugbear (3.68%) and Elkern.C (3.59%).
This week a new variant of W32/Bride has appeared, W32/Bride.B. The worm spreads via e-mail by sending itself to the addresses it finds in the HTM files and Outlook Express folders on the affected computer. It reaches computers in an e-mail message with the following characteristics:
– Subject: (this field is left blank).
– Message:
Hello,
My name is donkey-virus.
I wish you a merry Christmas and happy new year.
Thank you
– Attachments: README.EXE
Bride.B activates when the attached file is run or when the e-mail message carrying the worm is viewed in the Preview Pane. Activation from the Preview Pane works by exploiting the Exploit/iFrame vulnerability in the Microsoft Internet Explorer browser. During infection, this malicious code temporarily removes the icons from the Desktop and ends active processes. As part of the infection, it creates the following files:
– MADAM.EXE, which is a copy of the worm. This file’s icon is similar to the Internet Explorer icon.
– MADAM.EML, which is a copy of the message that this worm sends out.
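
The message characteristics listed above (blank subject, fixed greeting text, README.EXE attachment) can be checked at a mail gateway or over a mailbox export. The following is an added example, not code from Panda Software; the function names, trait labels and sample addresses are hypothetical, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Traits taken from the report: blank subject, fixed greeting text, README.EXE attachment.
BODY_PHRASE = "my name is donkey-virus"
ATTACHMENT_NAME = "readme.exe"

def bride_b_indicators(raw_bytes):
    """Return the set of reported Bride.B traits present in one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    if not (msg["Subject"] or "").strip():       # header absent or empty
        hits.add("blank_subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT_NAME:
            hits.add("readme_exe_attachment")
        elif part.get_content_maintype() == "text":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):   # unknown or broken charset
                continue
            if BODY_PHRASE in " ".join(text.lower().split()):
                hits.add("body_phrase")
    return hits

def looks_like_bride_b(raw_bytes):
    """Flag only when the attachment appears with another trait; a blank subject alone is common."""
    hits = bride_b_indicators(raw_bytes)
    return "readme_exe_attachment" in hits and len(hits) >= 2

def build_sample(subject, body, attachment=None):
    """Constructed test message (hypothetical addresses, placeholder attachment bytes)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    if subject is not None:
        m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    body = "Hello,\nMy name is donkey-virus.\nI wish you a merry Christmas and happy new year.\nThank you\n"
    print(looks_like_bride_b(build_sample(None, body, "README.EXE")))
```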