Bugbear, Sobigs Lead Infusion of New Viruses
The number of new viruses being written is on the upswing in the first six months of this year, with the Bugbear-B worm leading the digital attack and the family of Sobig worms causing major havoc.
Nearly 3,860 new viruses have been detected in the first six months of 2003, marking a 17.5 percent increase over the same time period last year, according to a new report from Sophos, Inc., an anti-virus software company. The report also notes that the Bugbear-B worm has been the most prevalent virus since January, accounting for almost 12 percent of the reports made to Sophos.
Sophos analysts say it's an impressive -- if notorious -- ranking since Bugbear-B was first detected only a few weeks ago in early June. Its predecessor, Bugbear-A, garnered another 2.5 percent of the reports.
"Bugbear-B entered the frame late, but nevertheless it has generated more enquiries than any other virus in the last six months," says Graham Cluley, senior technology consultant for Sophos. "By morphing its contents every time it forwards itself -- and by spoofing the email address of the person who sent the virus -- Bugbear-B has been the most prevalent and irritating virus so far this year."
On Sophos' list of most troublesome viruses, Sobig-C came in second, with 9.7 percent of reports. Klez-H came in third with 8.4 percent; Sobig-B came in fourth with 5.3 percent, and Sobig-A came in fifth with 3.3 percent.
Sobig and all its variants have posed quite a problem in the last six months. Five Sobigs have been released this year. Sobig-C was highly notable as it came in second on the virus list even though it had a limited window for infection. The variant was designed to fall dormant just one week after it was released. To be ranked in second place means it caused a lot of havoc in a very short time period.
Sophos analysts report that, combined, the Sobig worms have had the biggest impact on business networks so far this year.
F-Secure, an anti-virus software company, has raised a warning about Sobig-E, which was first detected on June 25. The virus is ranked as a Level 2 alert under F-Secure radar. It spreads by email with body text that reads: Please see attached zip drive for details.
MessageLabs Inc., another anti-virus software company, reports that 42 percent of Sobig-E's attacks have been in the United States, with another 32 percent occurring in the United Kingdom.
While the Sobigs continue to plague IT managers, Klez-H continues to be a lingering problem. Even though the worm was first detected in March of 2002, it remains the third-most reported worm so far in 2003, according to the Sophos report.
Sophos also reports that eight of the viruses in the top ten are able to spread by more than one method -- using a combination of email, IRC (internet relay chat), network shares and/or P2P file sharing platforms. Virus writers are no longer relying on just email to propagate their malicious code, so IT managers are advised to deploy desktop anti-virus protection, which can detect malicious code regardless of its method of spreading.
June 25, 2003