The Mimail worm has snatched prime position away from Klez by becoming the fastest spreading Internet menace, according to mail filtering company MessageLabs.
The veteran Klez, which was discovered all the way back in April last year, has slipped to second position in only a week following Mimail's stunning debut as the Internet's new "bad boy" on the block.
The company has detected 143,709 copies of Mimail since 1 August, but the "all time high" prize will probably remain unchallenged for a while longer -- MessageLabs has seized 7,192,232 copies of Klez over the last 18 months or so.
Despite being far less complex than the Klez worm, which used network shares and emails to spread, the Mimail worm uses a social engineering technique to trick a user into opening an attachment.
The message is disguised as an announcement from the target's ISP administrator -- it invariably "spoofs" the address "firstname.lastname@example.org". The attachment itself is a HTML file that exploits a vulnerability in Internet Explorer -- it executes itself and begins to spread.
Far from ripping through corporate systems, both worms have been felt most by home users, says security consultant Daniel Lewkovitz.
"Most domestic users either don't realise that there's more to email security than having up to date anti-virus," he told ZDNet Australia . "Things like Klez have all but disappeared in the corporate world but are still rampant out there."
He says getting the message across to the mums, dads and grandparents is tough -- they simply don't understand that they need to patch their systems.
According to its product security manager George Stathakopoulos, Microsoft is currently conducting an education campaign to better inform users of the risks of running software that isn't up to date, but is being careful not to force the message on people.
Anti-virus researcher Hamish O'Dea of Computer Associates says Mimail's infection rate will probably slip as time moves on.