Few surprises concerning the number and type of viruses caught by LBNL's virus wall occurred last month. Once again, the destructive Klez.H virus led all others with 7,129 copies of it being detected and destroyed. Klez.F came in second with 135 instances. The various versions of Klez caused so much confusion by falsifying the names of those who sent infected messages that the LBNL virus wall administrators have wisely decided to no longer send alerts to message senders and recipients whenever the virus wall catches Klez-infected messages. In fact, on same days, Klez-infected messages constitute up to 95 percent of all viruses intercepted at the Lab.

The Yaha worm came in third with 120 instances. This new worm is not destructive, but it is starting to spread very rapidly. Targeting Windows systems, it sends itself to addresses it finds in address books. Messages that it sends have randomly selected subjects (such as "loveletter," "resume," and "dailyreport") and random message bodies. Yaha also randomly selects a name of an extension for the file referenced in the subject, although the actual extension of the attachment sent with the message is .bat, .pif or .scr. Yaha also creates a mail server on any system it infects and then mails messages containing copies of itself. Like Klez, Yaha also forges email addresses as it spreads itself, so the Lab's virus fighters have also stopped sending out notices of interception.

However, you will still see a notice in the body of an email message when the VirusWall detects a virus and removes it. Sometimes, this can result in you receiving a message that consists only of this notice, since many viruses send a blank message with an infected attachment.

In fourth place was PEMagistr.B. The LBNL virus wall intercepted 73 instances of this worm/virus.

For more information about these and other viruses, visit the virus advisories Web site of Trend Micro, the company that makes the Lab's VirusWall software.

The LBNL virus wall continues to prevent viruses and worms from getting inside LBLnet, but no virus wall, no matter how good, is perfect. That's why it is important for Windows and Macintosh users to run anti-virus software, update it regularly (once a day is strongly recommended), and avoid opening attachments from unknown sources. Read a previous Computing News article about configuring your Mac or PC updates on a daily basis.

However, as part of a test project, about 100 employees are having antivirus updates automatically "pushed" to their computer. If you're part of this pilot effort, you won't be able to change your update schedule. You can determine this by looking at the Live Update button, which will have a small padlock icon next to it.

One of the best resources for information about viruses is the Vulnerabilities page maintained by the Lab's Computer Protection Program.