In February, 1,733 reports were submitted to IPA, and the number increased approx. 30% from January (1,323 reports). W32/Mydoom emerged on January 27, and its variants came out in February. The number of reports submitted for W32/Mydoom including variants has reached 637 . This was followed by W32/Klez having 171 reports, W32/Mimail having 163 reports, and newly found variant of W32/Netsky having 150 reports.

Many types of variants have emerged successively in a short period

In February, W32/Mydoom and its variants, Mydoom.B (found on Jan. 29) and Mydoom.F (Feb. 21), gave serious infection and many reports were submitted. These viruses spread their infection by mail attachments. Recipients will get infected if they open the attachment file. Then the virus does the following activities.

• Sends the virus mail to the addresses that are saved in the computer (for example, in the address book).
• Performs DoS (Denial of Service) attack to the certain Web site.
• Deletes Word and Excel files (only Mydoom.F)

For more information, see [Note].

The chart below depicts the dates when viruses were found based on the reports submitted. It shows the tendency that the number of reports is decreasing, but the number tends to increase when the variants come out.

Variants including W32/Mydoom.B , F , and W32/Netsky.B , C have emerged in a short period of time. Do not conclude virus-free by the appearance because there are a lot of combinations of the subject and the name of the attachment file as shown [Note]. It is important to verify mails using the anti-virus software and not to open attachment files easily. If these basic countermeasures are done, it is possible to prevent virus infection even if a new variant comes out.

In February, 37 reports were submitted to IPA, and the number increased approx. 30% from January (28 reports). The number of damaged reports was 4 , that is a half of the number in January (8 reports). Among them, there were one report for intrusion, one for unauthorized usage of ID, and two for forcing download of unauthorized program.

Among these reports, we have to pay attention to the following case.
  - An attacker tampered a home page by exploiting the security hole of Windows.

IPA received such damaged reports that were caused by known security holes.

In February, Microsoft announced the serious security hole in specific OS including Windows XP and Windows 2000. This security hole could allow attackers to execute any instructions. The programs which exploit this security hole have already emerged. Therefore, Windows users have to fix this security hole using Windows Update or security update program.

February 12, IPA announced the following information

• Emergency Security Countermeasure Information: Vulnerability in Microsoft ASN.1 Library http://www.ipa.go.jp/security/ciadr/vul/20040212-asn1.html

--- Do not panic even if you receive infection alert ---

Most of the recent viruses spoof the sender's address like W32/Mydoom virus which gave the serious impact. There are many cases where alert mails notifying the virus infection or error mails with unknown address are delivered to the addresses that are not infected. These addresses are used for spoofing.

To avoid infection damage, don't open the attachment file and use the anti-virus software to find the virus quickly. It is essential to use the anti-virus software with the latest version of virus detecting data file and update it constantly.

When you use mail system, you could receive error mail or alert mail that you have no idea of. Do not panic even if you receive such mails. It is important to check virus infection using anti-virus software.

The details are as follows;

• Computer virus Incident Report [Details]
• Unauthorized Computer Access Incident Report [Details]

Information-technology Promotion Agency IT Security Center (IPA/ISEC)
Tel:+81- 3-5978-7508
Fax:+81- 3-5978-7518
E-mail: