ITSD Computing and Communications Services News
March, 2003
  Monthly Virus Update: Well-Known Worms and a New Threat

The LBNL virus wall stopped 1,056 potential infections by viruses and worms last month. The Klez.H worm was the most prevalent, with 889 instances detected and eradicated.

The Gibe worm came in a distant second with 58 instances caught and eradicated. This worm is being sent in hoax messages that claim to be a Microsoft bulletin concerning vulnerabilities in Microsoft Outlook and Internet Explorer. The subject line of infected messages generally reads "Internet Security Update"; the content instructs users to execute an attached file named q216309.exe (or something similar). The attachment is the Gibe code which, if executed, infects a system and then uses Outlook and a custom SMTP engine to spread itself to other systems. The Gibe worm also inserts a Trojan horse in infected systems, allowing attackers to gain back door access to these systems. Read the instructions for eradicating the Gibe worm.

The previously described Eicar_test_file worm was a distant third with 26 instances caught and removed.

Although not found frequently by the LBNL virus wall so far, the new Deloder (W32.Deloder-A or W32.HLLW.Deloder) worm is proving to be a growing threat. This worm launches a "brute force" attack, sending one easy-to-guess password after another in an attempt to access shares on Windows systems such as Windows 95, 98 and Me and to gain access to administrator accounts on other Windows systems such as Windows NT, 2000 and XP. If the worm enters the correct password, it inserts a back door named "inst.exe" and changes the registry of the infected machine so that Deloder will start every time the infected system boots. Be sure to delete all unneeded shares, and if you need to have shares, ensure that each is password protected with a strong (difficult-to-guess) password. Also be sure that every account on your Windows system has a strong password.
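
The password-guessing pattern described above leaves a recognizable trace in logon records: a burst of failures from one source against one account, sometimes ending in a success. The following is an added example, not part of the original bulletin or LBNL's tooling, that flags that pattern; the log line format, the sample entries, and the threshold and window values are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <source> <account> <FAIL|OK>" (format is an assumption)
SAMPLE_LOG = """\
2003-03-10T09:00:01 10.0.0.7 Administrator FAIL
2003-03-10T09:00:02 10.0.0.7 Administrator FAIL
2003-03-10T09:00:03 10.0.0.7 Administrator FAIL
2003-03-10T09:00:04 10.0.0.7 Administrator FAIL
2003-03-10T09:00:05 10.0.0.7 Administrator FAIL
2003-03-10T09:00:06 10.0.0.7 Administrator OK
2003-03-10T09:05:00 10.0.0.9 jsmith FAIL
2003-03-10T09:05:30 10.0.0.9 jsmith OK
2003-03-10T10:00:00 10.0.0.12 Administrator FAIL
2003-03-10T10:00:01 10.0.0.12 Administrator FAIL
2003-03-10T10:00:02 10.0.0.12 Administrator FAIL
2003-03-10T10:00:03 10.0.0.12 Administrator FAIL
2003-03-10T10:00:04 10.0.0.12 Administrator FAIL
"""

def detect_password_guessing(log_text, threshold=5, window_seconds=60):
    """Return {(source, account): "guessing" | "guessing_then_success"}."""
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)   # (source, account) -> failure times
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        stamp, source, account, result = parts
        when = datetime.fromisoformat(stamp)
        key = (source, account)
        failures = recent_failures[key]
        # Drop failures that have aged out of the sliding window
        while failures and when - failures[0] > window:
            failures.popleft()
        if result == "FAIL":
            failures.append(when)
            if len(failures) >= threshold:
                findings.setdefault(key, "guessing")
        elif result == "OK":
            # A success right after a burst of failures is the high-priority case
            if len(failures) >= threshold:
                findings[key] = "guessing_then_success"
            failures.clear()
    return findings

if __name__ == "__main__":
    print(detect_password_guessing(SAMPLE_LOG))
```

A "guessing_then_success" finding means the account's password was probably guessed, so that system should be checked for the back door and the password changed; a single mistyped password followed by a success, as in the jsmith entries, is not flagged.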