Two worms appeared near the beginning of the month. W32.Deloder.A targets Windows shares, on TCP port 445, it features a list of simple passwords that are used to attempt to gain access to the target machine. This emphasises the need for defence in depth - it can be blocked by: always setting strong passwords; or by disabling unnecessary shares; or by blocking port 445 at the firewall or personal firewall. It was first seen spreading on 9th March.
CodeRed.F, a trivial variant of earlier the Code Red worm, hit just two days later, on 11th March. The fact that it was able to spread at all suggests that many IIS servers have been installed without the preventive patches since the last outbreak.
Unusually, two buffer overflow vulnerabilities were announced in Sendmail, on 4th and 31st March. Either could allow the affected host to be compromised. Upgrade to Sendmail 8.12.9 is strongly recommended.
A critical vulnerability in the WebDAV component of Microsoft Internet Information Services (IIS) was announced in MS03-007. Microsoft has issued a patch.
W32/Klez.H-mm is still the most prevalent virus in email, MessageLabs is stopping about 11 thousand messages infected with it per day.