Most Common Viruses According To SARC
Viruses are becoming more and more prevalent every day (as if you didn’t already know that…). This being the case, I decided to compile a list of the most common viruses according to SARC (see below), along with links on detection and removal procedures for each. It seemed that having this information in one place could be very helpful for those of you who have to deal with these viruses.
First of all, there are several sites that I would like to point you to that are the first place to look whenever you suspect you are infected with a virus, or you suspect that you may have found a virus.
The first of these sites is CERT (see below). For those of you who are unfamiliar with CERT (Computer Emergency Response Team), it is a non-profit organization located at Carnegie Mellon institute that focuses on computer afflictions. This is a great site, not just for virus information, but for information regarding security vulnerabilities and patches as well. Check out CERT below.
The next place that I would like to point you to is SARC. SARC is Symantec’s (Symantec is the company that makes Norton’s Anti-Virus software) site devoted to identifying, detecting, and removing viruses. Because SARC is a commercial site, many of their solutions (i.e. removal tools) will only work if you had Norton’s Anti-Virus installed prior to infection.
McAfee, another anti-virus software vendor, has a site very much like Symantec’s. Like Symantec, some of the removal techniques will require that you have had McAfee’s software installed prior to infection.
Lastly, another commercial site is Sophos. I found it a bit discouraging that in the list of recent threats on Sophos’s home page there was no entry for the Klez virus; however, using the search on the site, I did find plenty of information regarding it. You can find out more below.
The most common virus right now is the Klez virus. There are several variations of the Klez virus (the most common being klez.h), so rather than list them all as individual viruses, I am going to group them under one category.
The Klez virus is a nasty little guy that will infect executables located on the infected machine. This is accomplished by creating a hidden copy of the original file and then writing itself over the original file. The hidden copy is encrypted (making recovery more difficult) but is not infected with the virus. This encrypted original (the hidden file) will have the same name as it did before the infection took place, with a random extension added to the file name.
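A quick way to look for the file pattern described above, as an added example that is not part of the original article or any vendor's tool: it flags a visible executable that has a hidden sibling with the same name and a different or extra extension. The extension list, the two naming forms it accepts, and the sample listing are assumptions; a match is only a cue to run a vendor's scanner, since legitimate hidden files can share a name with a program.

```python
import os
import stat
from collections import defaultdict

EXECUTABLE_EXTS = {".exe", ".scr", ".com"}  # assumption: what counts as an executable

# Constructed sample listing of (path, is_hidden); not taken from a real machine.
SAMPLE = [
    ("tools/setup.exe", False), ("tools/setup.exe.qzx", True),  # extension appended
    ("tools/viewer.exe", False), ("tools/viewer.kbd", True),    # extension replaced
    ("tools/readme.txt", False), ("tools/desktop.ini", True),   # unrelated hidden file
]

def find_hidden_companions(entries):
    """Return sorted (executable, hidden_file) pairs that match the pattern."""
    by_dir = defaultdict(list)
    for path, hidden in entries:
        by_dir[os.path.dirname(path)].append((os.path.basename(path), hidden, path))
    findings = []
    for files in by_dir.values():
        hidden_files = [(n, p) for n, h, p in files if h]
        for name, hidden, path in files:
            stem, ext = os.path.splitext(name)
            if hidden or ext.lower() not in EXECUTABLE_EXTS:
                continue
            for cand, cand_path in hidden_files:
                c_stem, c_ext = os.path.splitext(cand)
                if not c_ext:
                    continue
                appended = c_stem.lower() == name.lower()   # setup.exe.qzx
                swapped = (c_stem.lower() == stem.lower()
                           and c_ext.lower() != ext.lower())  # viewer.kbd
                if appended or swapped:
                    findings.append((path, cand_path))
    return sorted(findings)

def scan(root):
    """Walk a directory tree and apply the check using the Windows hidden attribute."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            full = os.path.join(dirpath, f)
            try:
                attrs = getattr(os.stat(full), "st_file_attributes", 0)  # 0 off Windows
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            entries.append((full, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return find_hidden_companions(entries)
```
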
The Klez virus is an iframe attachment that will infect a machine when the infected email is simply viewed in the preview pane of your email client. Keep in mind, the Klez virus will forge the email header, so any of the addresses it finds in the address book or on HTML pages stored on the hard drive could be the address in the “from” field of the infected emails it sends out. I mention this so that you don’t contribute to the problem by sending nasty emails to a bunch of people who may not have the virus.
Symantec has a page devoted to the Klez virus and its variants (see below).
McAfee has a page similar to Symantec’s page (see below).
AntiVirus.com offers instructions and a free removal tool for the Klez virus. Sophos also offers instructions and a free removal tool for the Klez virus (see below).
The rest of the viruses I will be listing are relatively old, but still roaming the ‘net. Judging by when these viruses were discovered (one of which is almost two years old!), users need to be a bit more aware of updating their anti-virus software, or consider using software that is not affected by these viruses. This is by no means a definitive list of vendors. I tried to pick the most popular anti-virus vendors; however, if yours is not listed, drop me a line so that I can include them the next time I do an issue like this one. So, here they are, the most common viruses in circulation (behind the Klez virus) as of the middle of May, 2002.
November 24, 2001
(The original Badtrans was found in April, 2001– this is a variant of that worm)
See below for more info from these vendors.
September 18, 2001
A note about Nimda: there are *many* variations. Be sure to read up at your respective vendor’s site on how to check which version you may have.
July 17, 2001
September 25, 2000
This is not a definitive list of all the viruses roaming the net. This is simply a place to begin your search. Most of the sites listed below will provide you with a wealth of information regarding finding and removing these infections from your machine(s). If this article has been helpful, please let me know.
Jay Fougere is the IT manager for the iEntry network. He also writes occasional articles. If you have any IT questions, please direct them to Jay@ientry.com.