Virus attacks subsided in April
Virus activity subsided to a recent low in April, despite fears of an online "cyberwar" triggered by the war in Iraq, according to antivirus vendor Trend Micro Inc.
In a statement, the company said it had issued only eight advisories in April, down from 22 in March and the fewest of any month this year.
All were low-level alerts.
Even before the actual fighting in Iraq ended in mid-April, the so-called "cyberwar" appeared to have run its course, which in any case was little more than an outbreak of "cyber-graffiti," Trend Micro (www.trendmicro.com/vinfo/) said.
Hacker activity escalated with the onset of war in March, but the attacks were generally minor, low-tech exploits such as defacing webpages, along with a few denial of service (DoS) attacks.
No major attacks on the Internet infrastructure or significant disruptions of Internet traffic were reported.
Virus writers unleashed several very minor threats supposedly related to the war in Iraq, but the last one, VBS_LISA.A, arrived on April 1.
Subsequent new threats in April resorted to a variety of "social engineering" tricks, none too successfully, the company said.
The Cult.C worm (Worm_Cult.C, a/k/a W32/Cult.worm.gen) claimed to be an e-card from a leading vendor, while the Horsman.A worm (Worm_Horsman.A, a/k/a W32/Fourseman@MM) claimed to be a "very important patch" from Microsoft Corp.
Towards the end of the month, the Coronex worm (Worm_Coronex.A, a/k/a W32/Coronex.worm) grabbed some media attention by purporting to be a warning about the SARS biological virus.
The worm apparently never spread "in the wild" however and was not likely to have gone very far if it had, owing to bugs in its code, the company said.
Trend Micro's list of the 10 most common viruses detected in April was mainly populated by long-running "mixed threats" such as FunLove, Klez.H and Yaha.G and K.
These persistent threats remained in circulation because they had large bases of infected home users, and/ or they were difficult to eliminate and easily reinfected corporate networks.
However, a newer threat topped the list in April: The Lovegate.F worm (Worm_Lovgate.F), which only emerged in March.
This recent variant of the Lovegate family may owe its "success" to its incorporation of numerous worming characteristics in one nasty package.
"Lovegate.F includes some of the dirtiest tricks in the book -- dropping files in shared drives, replying to all received mail messages, parsing Internet cache directories for addresses, providing backdoor remote access, and launching brute force password dictionary attacks, among others," said Jamz Yaneza, senior antivirus consultant for TrendLabs, Trend Micro's research and support network.
"It's a killer combination and could lead to the repeated reinfection of networks if their antivirus solution does not include thorough cleaning and the correct reversal of registry modifications."
^macro[showdigestcomments;^uri;Virus attacks subsided in April]