Symantec’s Top 10 Malcious Threats For June 2003

Symantec’s Top 10 Malcious Threats For June 2003

Symantec, the world leader in Internet Security, releases monthly intelligence reports which list in order of severity, the most malicious threats in Asia Pacific:

+ GLOBAL TOP TEN VIRUS THREATS ASIA PACIFIC TOP TEN VIRUS THREATS

1. W32.Bugbear.B@mm W32.Bugbear.B@mm

2. W32.Klez.H@mm HTML.Redlof.A

3. W32.Sobig.C@mm W32.Sobig.C@mm

4. HTML.Redlof.A W32.HLLW.Fizzer@mm

5. W32.Bugbear.B.Dam W32.Bugbear.B.Dam

6. W32.Mapson.Worm W95.Hybris.worm

7. W95.Hybris.worm W32.Klez.H@mm

8. W32.HLLW.Fizzer@mm BAT.Mumu.A.Worm

9. W32.Sobig.B@mm Backdoor.Dvldr

10. W32.Pinfi JS.Fortnight

David Banes, Regional Manager Symantec Security Response, Asia Pacific, analysis of the June data:

This month W32.BugBear.B@mm, discovered on June 4, 2003 is the top ranking threat both in Asia Pacific and globally. This worm was increased to a level 4 on a ranking system of one to five, based on the increase in submission rates. Bugbear.B is a mass-mailing worm that also spreads through network shares. The worm is polymorphic and infects a select list of executable files. The worm has keystroke-logging and backdoor capabilities and also attempts to terminate the processes of various antivirus and firewall programs.

An interesting feature of Bugbear.B is that it contained a list of more than 1,300 targeted bank domain names worldwide. If Bugbear.B determined that the default email address was from an affected system in a bank, then it would try to gain control of the machine in an attempt to steal passwords from these banking organisations.

Another prominent threat in the top ten list for June is the Sobig worms. Sobig.C is ranked at no 3 in our Asia Pacific list, and Sobig.B is ranked at no 9 in the global list. Sobig.E is another variant which was discovered in June but does not feature on our top ten list.

Both of these threats exploit the same vulnerability: Microsoft Internet Explorer MIME Header Attachment Execution Vulnerability. This vulnerability which was discovered over a year ago, is a HTML email feature in Internet Explorer version 5.5 and earlier, that allows attachments to automatically execute when an email is opened.

Consumers can visit Symantec’s Security Check to find out if there systems still have these threats on their PCs at: www.symantec.com/securitycheck.

Internet users need to update their antivirus definitions to ensure that they are protected from these threats. It is also recommended that users update their operating systems and application programs to the current version to ensure a high level of protection.

For further information regarding these threats, please visit the Symantec Security Response: http://securityresponse.symantec.com/

About Symantec

Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec’s Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 36 countries. For more information, please visit www.symantec.com.

ENDS