ITSD Computing and Communications Services News
October, 2003
  Monthly Virus Update

Once again, the LBNL virus wall was incredibly busy as it detected and eradicated 179,487 viruses last month. The Sobig.F worm led all others once more, with 166,489 instances detected and eradicated. This worm arrives as an attachment to a mail message with an interesting subject line; users who open the attachment infect their systems. Only systems with an incorrect system time succumb to this worm now, because Sobig.F is programmed to stop infecting Windows systems on and after September 10, 2003.

The Swen worm placed a distant second, with 9,230 instances detected and eradicated by the virus wall. Swen tricks unsuspecting users into infecting their Windows systems by sending what appears to be a Microsoft security bulletin announcing a cumulative security patch for Outlook, Outlook Express and Internet Explorer. The alleged "patch" that is attached is actually the Swen program.

The Klez.H worm continued its declining trend with 1,308 instances detected and eradicated. This worm also targets Windows systems, sending mail to addresses it finds in address books and other files on the systems it infects. It also "spoofs" the address of the sender, making it appear that someone has sent a worm-infected message even though that person did not. Opening the attachment in the message results in an infection.

The Dumaru.A worm is proliferating, with 1,052 instances detected and eradicated. It purports to be a Microsoft bulletin from security@microsoft.com containing a patch (allegedly for Internet Explorer) which, if downloaded, infects Windows systems. The so-called patch is named "patch.exe". Dumaru.A also creates a mail engine that sends infected messages to addresses it finds in files, and it plants a Trojan horse program that causes the infected system to join a chat channel to receive and execute commands sent by the worm's author.

We've said it before and we'll say it again -- run anti-virus software, keep it up to date, and avoid opening attachments from suspicious sources!