CNET tech sites: Price Comparisons | Product Reviews | Tech News | Downloads | Site map
Front PageEnterpriseE-BusinessCommunicationsMediaPersonal TechnologyInvestor
Chernobyl virus rides Klez's coattails

By David Becker
Staff Writer, CNET News.com
May 6, 2002, 12:30 PM PT

The Klez worm just keeps on giving.

The persistent pest, which made a strong comeback last month in the form of the Klez.h variant, is now helping revive the Chernobyl virus, according to a new report from antivirus company Symantec.

The report says that a virus known as W95.CIH.1049, a slight variation of the W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, has been detected in recent infections of the Klez worm. The main difference with the new virus is that it's set to activate on Aug. 2 of every year, as opposed to the April 26 attack date of the original Chernobyl.

Vincent Weafer, senior director of Symantec's Security Response team, said the company began seeing Chernobyl-infected messages last week, but they continue to account for only a handful of the thousands of Klez infested messages the company sees daily. Weafer said the viral bonus wasn't intentional but rather a by-product of Chernobyl-infected PCs also propagating the Klez worm.

"As far as (Chernobyl) is concerned, the Klez worm is just another file to infect," Weafer said. "It's quite common to see piggybacking effects when you have worms that have been propagating for a long time in the world."

Even though Chernobyl is ancient by virus standards and easily detected by almost any antivirus software, Weafer said it's not unusual to have bugs still making the rounds years after their debut.

"When you look back at viruses, you see recurrences," Weafer said. "They can live for many years out in the wild."

The first version of the Klez worm surfaced early last year, with subsequent variations causing damage ranging from moderate to minor. Bug writers hit pay dirt with the Klez.h variant, however, which quickly became one of the most active worms ever after it surfaced last month.

Moscow-based security company Kaspersky Labs recently ranked Klez as by far the most active e-mail threat in April, responsible for 94.5 percent of all incidents reported during the month.

British e-mail screening firm MessageLabs ranks Klez.h as No. 3 on its list of all-time most active computer pests, with more than 391,000 infections intercepted. At current rates of infection, Klez.h should surpass the No. 2 bug, BadTrans.b, in a few days. It'll have a long way to go, however, to catch the all-time champ, the SirCam worm, still going strong with more than 748,000 interceptions to date.


Related Quotes
Quotes delayed 20+ minutes

  SYMANTEC CORP SYMC 37.50 3.87

Quote Lookup  Symbol Lookup 

E-mail story Print story Send us news tips


 Search
 
   

Latest Headlines
display on desktop
Gorilla lovers beat chests in domain clash
Nasdaq tallies best gain in a year
Commentary: HP's PC plans
Microsoft witness: Innovation hurt by fix
New HP tightens grip on handheld market
NEC desktop quiets down
Nokia plea: Lower licensing fees
House panel raises cost of cybercrime
Putting 3G back on track
DoCoMo profit withers on write-downs
Terra cutbacks narrow first-quarter losses
IBM unveils tools--with rivals in mind
Global Crossing showered with offers
Tribunal examines Vivendi piracy claim
The new HP: Survival in a shrinking market
Wall Street talks up HP
Revamping radiation standards
Exec stands behind Vivendi
Motorola lands set-top deals
Becoming a .pro has its price
This week's headlines

News Tools
Get news by PDA
Get news by mobile
Listen live to CNET Radio

CNET News.com Newsletters
Stay on top of the latest tech news. 
News.com Daily Dispatch
News.context (weekly)
Investor Daily Dispatch


More Newsletters

Send us news tips | Contact Us | Corrections | Privacy Policy

   Featured services: Hot spring products | Find Tech Jobs | Memory upgrades | Catch up | WebFerret | Office products   
  CNET Networks:CNET | GameSpot | mySimon | TechRepublic | ZDNet About CNET  

Copyright ©1995-2002 CNET Networks, Inc.All rights reserved. CNET Jobs