Klez Virus Tabbed As Year's BiggestKlez Virus Tabbed As Year's Biggest

The biggest virus of 2002 also was the one with the most staying power. The Klez virus infected users for seven months, said antivirus vendor Sophos, which released on Thursday a top 10 list of the nagging, costly, and seemingly endless security problems.

Second on the year's peskiest viruses list was Bugbear, which reached the No. 2 spot despite having been released in late October.

Rounding out the top 10 list were Badtrans, Elkern, Magistr, MyParty, Sircam, Yaha, Frethem-Fam, and Nimda.

Nine of the top 10 viruses for 2002 are mass-mailing Windows 32 viruses, the exception being the Elkern virus, which is dropped by Klez.

This year also saw the emergence of "sender-forging" viruses, where high-profile viruses like Klez and Yaha substituted the address of the real sender of the worm with a random address selected from the sender's E-mail address book, leading to accusations that innocent computer users sent the worms to customers, suppliers, and colleagues, Sophos said.

The JDBGMGR virus hoax, an E-mail duping users into deleting a legitimate file from their PCs, was first spotted in April and topped the Sophos hoax chart every month since May, Sophos said. JDBGMGR was the second most searched word on the Sophos Website in 2002, topped only by Klez.

A virus writer produced a proof-of-concept worm written in C#, to demonstrate that it's possible to write viruses in that language, the vendor said. The CoolNow worm, propagating via instant messaging, demonstrates that viruses travel through channels other than E-mail.

Despite hype and warnings, some of it from antivirus vendors, no viruses have yet attacked PDAs or mobile phones, Sophos said.

Regardless of the problems they cause, viruses are getting under control as enterprise security threats, one security analyst said. Rather, it's spam that looks to be a major problem next year, said Jan Sundgren, analyst for Giga Information Group.

"Even though we had Klez and Bugbear this year, they haven't been hitting corporations as much as they have consumers, and they haven't been innovative," said Sundgren.

Home users who are behind in keeping their antivirus software up-to-date are the biggest class of victims for those viruses, as enterprises become more vigilant in updating antivirus software.

Meanwhile, spam is becoming an increasing burden on corporate networks, becoming far more widespread and less controllable than viruses. Developing products and services from vendors including Brightmail Inc. and Cloudmark may help bring spam under control fairly soon, the analyst said.