ITSD Computing and Communications Services News
December, 2004

Monthly Virus Update: More than 120,000 Worms and Viruses Eradicated

The number of worms and viruses handled by the Lab's virus wall reached what was nearly an all-time high last month. A total of 123,654 worms and viruses, almost all of which target Windows systems, were detected and eradicated. In contrast, the number in October was 110,089. The Netsky.P worm was once again most prevalent with 49,236 copies found and deleted (though the number was down from 58,943 the month before).

The new Beagle.AU (W32.Beagle.AU@mm) worm placed second with 13,725 copies found and eradicated. A mass-mailing worm, it arrives as a message from a spoofed email address. The subject line is "Re:," "Re: Hello," "Re: Hi," "Re: Thank you!," or "Re: Thanks :)" and the message body always reads ":))." The name of the attachment is "Price," "price," or "joke" and the extension is .exe, .com, .cpl, or .scr. If the attachment is opened, Beagle.AU copies itself onto the victim's Windows system. It then attempts to download an executable file from several URLs and, if successful, executes it. Beagle.AU attempts to delete anti-virus and other security-related software and to kill processes that run in connection with such software. It also creates a backdoor on TCP port 81 and a random UDP port, makes changes to the system's Registry to ensure that it will start whenever the system boots, and creates a mail engine that spews mail to addresses it finds in the infected system's address books. If your system becomes infected by Beagle.AU, go here to discover how to clean your system.

The Beagle.AV worm, also new on the scene, came in third with 10,760 instances identified and eradicated. This worm is virtually identical to Beagle.AU, except that the name of its executable is different and it makes more Registry changes. Go here for an explanation of how to eradicate this worm.

Erkez.D, another mass-mailing worm, is also a troublesome newcomer. It arrives as a message from a falsified address with a subject line such as "Merry Christmas!," "bolddog karacsony...," "Feliz Navidad!," or "Weihnachten card." Examples of message bodies are "Happy HollyDays! <sender name>," "Feliz Navidad! <sender name>," and "Joyeux Noel! <sender name>," where <sender name> is an email address. Cute graphics are included in the message. Attachments have a .bat, .cmd, .com, .pif, or .zip extension. Individuals who open any of these attachments infect their Windows systems, causing Erkez.D to write itself into the system folder, change Registry settings, disable certain processes that provide security, and open a port (TCP 8181) that attackers can use for back door access.
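The message characteristics listed above for Beagle.AU/AV and Erkez.D are exactly the kind of thing a mail gateway or help desk can screen for. The following Python script is an added illustration, not part of this newsletter and not any vendor's signature: it turns the subject lines, body text, and attachment names the newsletter describes into simple triage rules, plus a generic rule for the attachment types both worms use. The `Message` class, the rule names, and the sample messages are all constructed for the example; the Erkez.D subject list is only the examples the newsletter gives, so a miss on that rule is inconclusive rather than a clean verdict.

```python
import os
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Indicators transcribed from the newsletter; the matching logic itself is an
# added illustration (hypothetical), not a vendor signature.
BEAGLE_SUBJECTS = {"re:", "re: hello", "re: hi", "re: thank you!", "re: thanks :)"}
BEAGLE_BODY = ":))"
BEAGLE_STEMS = {"price", "joke"}          # attachment named "Price", "price" or "joke"
BEAGLE_EXTS = {".exe", ".com", ".cpl", ".scr"}

# The newsletter gives these subjects only as examples ("such as"), so the set
# is not exhaustive: treat a miss here as inconclusive, not as clean.
ERKEZ_SUBJECTS = {"merry christmas!", "bolddog karacsony...",
                  "feliz navidad!", "weihnachten card"}
ERKEZ_EXTS = {".bat", ".cmd", ".com", ".pif", ".zip"}

# Union of the attachment types the two families use; the generic rule below
# encodes the newsletter's closing advice about unexpected attachments.
RISKY_EXTS = BEAGLE_EXTS | ERKEZ_EXTS


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: List[str]


def classify(msg: Message) -> List[Tuple[str, str]]:
    """Return (verdict, reason) pairs for every attachment that matches a rule."""
    findings = []
    subject = msg.subject.strip().lower()
    body = msg.body.strip()
    for raw_name in msg.attachments:
        # Case-insensitive compare: "Price.SCR" must match as well as "price.scr".
        stem, ext = os.path.splitext(raw_name.strip().lower())
        if (subject in BEAGLE_SUBJECTS and body == BEAGLE_BODY
                and stem in BEAGLE_STEMS and ext in BEAGLE_EXTS):
            findings.append(("Beagle.AU/AV",
                             f"subject {msg.subject!r}, body ':))', attachment {raw_name}"))
        elif subject in ERKEZ_SUBJECTS and ext in ERKEZ_EXTS:
            findings.append(("Erkez.D",
                             f"seasonal subject {msg.subject!r} with {ext} attachment {raw_name}"))
        elif ext in RISKY_EXTS:
            findings.append(("risky-attachment",
                             f"attachment {raw_name} has extension {ext}"))
    return findings


# Constructed sample traffic for the example (not real captured mail).
SAMPLE_MESSAGES = [
    Message("alice@example.net", "Re: Thanks :)", ":))", ["joke.exe"]),
    Message("bob@example.net", "RE: HELLO", ":)) ", ["Price.SCR"]),
    Message("carol@example.net", "Merry Christmas!",
            "Happy HollyDays! carol@example.net", ["card.pif"]),
    Message("dave@example.net", "Q4 report", "Numbers attached.", ["report.scr"]),
    Message("erin@example.net", "Lunch?", "Menu attached.", ["menu.pdf"]),
]


def summarize(messages: List[Message]) -> Dict[str, int]:
    """Count verdicts across a batch, the way the newsletter tallies each family."""
    counts: Dict[str, int] = {}
    for m in messages:
        for verdict, _ in classify(m):
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        for verdict, reason in classify(m):
            print(f"{verdict:18} {m.sender:20} {reason}")
    print(summarize(SAMPLE_MESSAGES))
```

The family-specific rules fire only when subject, body and attachment all line up, which keeps false positives low; the generic `risky-attachment` rule is deliberately broad, because an unexpected .scr or .pif is worth a second look regardless of which worm sent it.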

Here's some advice that will help your Holiday Season be more trouble-free: don't open any attachment that you are not expecting, even if it appears to be from someone you know. And update your anti-virus software every day.