




January 10, 2003
Information-technology Promotion Agency
Security Center (IPA/ISEC)

The worst virus ever!
There were approximately 10,000 reports for W32/Klez in one year!!
1. Computer Virus Incident Reports
This is the Computer Virus Incident Report for December 2002 and for the year 2002, compiled by IPA (Information-technology Promotion Agency).
1-1. Annual virus incident report for 2002 -- W32/Klez had the worst number of reports ever --
In 2002, 20,352 reports were submitted to IPA, a slight decrease from 2001, which had 24,261 reports.
W32/Klez was the most reported virus for 9 consecutive months, with 9,648 reports (approximately 50% of the total), the largest number of reports ever recorded for a single virus in one year. It was followed by W32/Badtrans with 3,336 reports and W32/Hybris with 870 reports.

For more information, please refer to "Computer Virus Detection Incident Reports in 2002".
1-2. December computer virus incident reports
In December, 1,135 reports were submitted to IPA (November: 1,408 reports). The most reported viruses were W32/Klez with 465 reports, including new variants with subjects such as "Happy Christmas" and "Happy New year"; W32/Bugbear with 133 reports; and W32/Opaserv and VBS/Redlof with 67 reports each.
In addition, an alert was issued because of concern about a massive spread of virus mail over the year-end and New Year period, but there was no serious virus damage.
Caution is necessary against infection through web pages!!
Some viruses, such as VBS/Redlof, infect a computer just through browsing a web page. Once a computer is infected with this virus, the infection spreads in the ways described below.
* The infected computer embeds the virus program in the body of the e-mail it sends, and so spreads the infection.
* The virus infects HTML and other files on the computer, and when an infected file is uploaded to a web page without the user noticing, the infection spreads to people who browse that web page.
In particular, there are more cases of infection through browsing a web page, so caution is necessary.

2. Warning for this month:
Start virus countermeasures with anti-virus software!!
===== In order to use the internet comfortably! =====
There are various routes of virus infection. The most common is a file attached to an e-mail, as with W32/Klez and W32/Bugbear. But there are also infections caused by browsing a web page, as with W32/Nimda and VBS/Redlof, and infections spread over a shared network, as with W32/Opaserv.
To prevent damage from infection through these various paths, it is essential to use anti-virus software with the latest version of the virus detection data file and with constant monitoring enabled.
3 steps for anti-virus software
1. Must be installed === Necessity for countermeasure
2. Appropriate setting === Constant monitoring setting is effective
3. Updating virus detecting data file === New viruses emerge every day. Update at least once a week!


3. Prevalence Table

1) There were 47 kinds of viruses reported in December. (998 reports for Windows/DOS viruses, 136 reports for Macro and Script viruses, 3 for Macintosh and UNIX viruses.)
(*) indicates a new virus in this month.

| Windows/DOS virus | No. of reports |
|---|---|
| W32/Klez | 465 |
| W32/Bugbear | 133 |
| W32/Opaserv | 67 |
| W32/Brid | 50 |
| W32/Badtrans | 48 |
| W32/Yaha | 40 |
| W32/Nimda | 36 |
| W32/Magistr | 33 |
| W32/Sircam | 31 |
| W32/Hybris | 27 |
| W32/Funlove | 15 |
| W32/CIH | 13 |
| W32/Frethem | 7 |
| W32/Winevar | 5 |
| W32/Fbound | 4 |
| W32/Higuy | 4 |
| W32/Aliz | 3 |
| W32/MTX | 3 |
| Form | 2 |
| W32/Mylife | 2 |
| W32/Myparty | 2 |
| Anti-CMOS | 1 |
| WYX | 1 |
| W32/CodeRed | 1 |
| W32/Gibe | 1 |
| W32/QAZ | 1 |
| W32/Ska | 1 |
| W32/Tecata | 1 |
| W32/Zoher | 1 |

| Macro virus | No. of reports |
|---|---|
| XM/Laroux | 25 |
| XM/VCX.A | 13 |
| X97M/Divi | 6 |
| W97M/Ethan | 2 |
| X97M/Barisada | 2 |
| WM/Cap | 1 |
| WM/Wazuu | 1 |
| W97M/Marker | 1 |
| W97M/Melissa | 1 |
| W97M/Nsi | 1 |
| W97M/Pri | 1 |
| W97M/X97M/P97M/Tristate | 1 |

| Script virus | No. of reports |
|---|---|
| VBS/Redlof | 67 |
| VBS/Haptime | 6 |
| VBS/LOVELETTER | 6 |
| VBS/Netlog | 2 |

| Macintosh virus | No. of reports |
|---|---|
| AutoStart9805 | 2 |

| UNIX virus | No. of reports |
|---|---|
| Linux/Slapper | 1 |

Note: The numbers of reports include reported modified variants.
Note: The abbreviations used in the "Name of Virus" are as follows:

| Abbreviation | Meaning |
|---|---|
| WM | MSword95 (WordMacro) |
| W97M | MSword97 (Word97Macro) |
| XM/XF | MSexcel95/97 (ExcelMacro/ExcelFormula) |
| X97M | MSexcel97 (Excel97Macro) |
| W97M/X97M/P97M | MSword97/MSexcel97/MSpowerpoint97 (Word97Macro/Excel97Macro/PowerPoint97Macro) |
| W32 | Works under Windows32 |
| VBS | Written in VisualBasicScript |
| Wscript | Works under WindowsScriptingHost (excluding VBS) |
| Solaris | Works under Solaris |
| FreeBSD | Works under FreeBSD |
| Linux | Works under Linux |

2) The following table shows the number of reports sorted by reporting body. Most reports came from "general corporate user" with about 87% of total reports.

| Reporting Body | 2002 December (reports) | 2002 December (%) | 2002 Total (reports) | 2002 Total (%) | 2001 Total (reports) | 2001 Total (%) |
|---|---|---|---|---|---|---|
| General corporate user | 984 | 86.7% | 15,313 | 75.2% | 17,332 | 71.4% |
| Education/Research Institute | 20 | 11.5% | 1,914 | 9.4% | 1,286 | 5.3% |
| Individual user | 131 | 1.7% | 3,125 | 15.3% | 5,643 | 23.3% |

3) The following table shows the number of reports sorted by region. The largest number of reports was from the Kanto region, followed by the Kinki and Chubu regions.

| Region | 2002 December (reports) | 2002 December (%) | 2002 Total (reports) | 2002 Total (%) | 2001 Total (reports) | 2001 Total (%) |
|---|---|---|---|---|---|---|
| Hokkaido | 8 | 0.7% | 311 | 1.5% | 506 | 2.1% |
| Tohoku | 25 | 2.2% | 534 | 2.6% | 882 | 3.6% |
| Kanto | 831 | 73.2% | 12,986 | 63.8% | 16,291 | 67.1% |
| Chubu | 105 | 9.3% | 1,894 | 9.3% | 2,360 | 9.7% |
| Kinki | 115 | 10.1% | 3,254 | 16.0% | 2,589 | 10.7% |
| Chugoku | 40 | 3.5% | 365 | 1.8% | 387 | 1.6% |
| Shikoku | 7 | 0.6% | 151 | 0.7% | 399 | 1.6% |
| Kyusyu | 4 | 0.4% | 857 | 4.2% | 847 | 3.5% |

4) The following table shows the source of the virus according to the damage reports.
The most common case is infection by e-mail, including e-mail from overseas, which accounts for 92% of the reports.

| Source of Virus | 2002 December (reports) | 2002 December (%) | 2002 Total (reports) | 2002 Total (%) | 2001 Total (reports) | 2001 Total (%) |
|---|---|---|---|---|---|---|
| Via email | 775 | 68.3% | 17,107 | 84.1% | 17,790 | 73.3% |
| Via email from overseas | 275 | 24.2% | 2,660 | 13.0% | 3,791 | 15.6% |
| Download from network (*) | 12 | 1.1% | 121 | 0.6% | 593 | 2.4% |
| External medium | 16 | 1.4% | 119 | 0.6% | 655 | 2.7% |
| External medium (overseas) | 0 | 0% | 4 | 0% | 22 | 0.1% |
| Unknown | 57 | 5.0% | 341 | 1.7% | 1,410 | 5.8% |

(*) including Web page infection
5) The following table shows the number of PCs infected by viruses.

| Number of PCs | 2002 December (reports) | 2002 December (%) | 2002 Total (reports) | 2002 Total (%) | 2001 Total (reports) | 2001 Total (%) |
|---|---|---|---|---|---|---|
| 0 | 1,037 | 91.3% | 18,633 | 91.5% | 19,585 | 80.7% |
| 1 | 84 | 7.4% | 1,364 | 6.7% | 3,733 | 15.4% |
| 2-4 | 8 | 0.7% | 206 | 1.0% | 528 | 2.2% |
| 5-9 | 1 | 0% | 59 | 0.3% | 190 | 0.8% |
| 10-19 | 3 | 0.3% | 60 | 0.3% | 93 | 0.4% |
| 20-49 | 2 | 0.2% | 23 | 0.1% | 74 | 0.3% |
| 50 and more | 0 | 0% | 7 | 0% | 58 | 0.2% |

4. Virus Payload Dates
To prevent the spread of viruses, please check the special notice on viruses that have payload dates between January 10 and February 28.
For more information, please refer to the virus calendar at:
http://www.ipa.go.jp/security/virus/viruscalendar.html (Japanese)
= W32/Klez (It occurs on the 6th of every month)
On February 6, the files on the C drive will be destroyed.
= VBS/Haptime (It occurs when the sum of the month and the date is 13)
On January 12 and February 11, files with the extension .dll or .exe will be deleted.
Computer Virus Incident Reporting Program
The Ministry of Economy, Trade and Industry announced the "Computer Virus Prevention Guidelines" to prevent the spread of computer viruses in Japan. IPA was designated to receive the "Computer Virus Damage Report" directly from infected users, to investigate virus problems and to provide monthly statistics. This reporting system started in April 1990. Anyone who has encountered a computer virus is supposed to send a virus report with the necessary information to IPA to prevent further spread and damage of viruses. IPA deals with each reporter (user) on an individual basis as a consultant, and also works as a public research institute for antivirus measures by analyzing the problems shown in the damage reports. Taking reporters' privacy into full consideration, IPA periodically publishes the results of its research and analysis on computer virus incidents.
Computer Virus Prevention Guidelines:
- Enactment on April 10, 1990 (release No.139)
- Amendment on July 7, 1995 (release No. 429)
- Amendment on September 24, 1997 (release No. 535)
- Amendment on December 28, 2000 (release No. 952)

Inquiry: IPA Security Center ( IPA/ISEC )
( ISEC: Information technology SEcurity Center )
TEL:+81-3-5978-7508 FAX:+81-3-5978-7518
E-mail: 
Emergency call: +81-3-5978-7509 URL: http://www.ipa.go.jp/security/index-e.html