SoBig.F, Blaster, Nachi and MiMail — the most frequently occurring viruses in August — helped make last month the worst in the history of computer security, according to antivirus firm Sophos.
The business-focused antivirus company, in its monthly virus ranking, pegged the newest viruses as the top four, with SoBig garnering a whopping 37.6 percent of submissions and Blaster accounting for 18.8 percent. Nachi and MiMail represented more than 5 percent of submissions each, with Yaha, Klez, Bugbear.B and others rounding out the list.
“It’s just an indication there’s been a step up in the amount of virus activity in the last 6 to 12 months,” Sophos senior security analyst Chris Belthoff told TechNewsWorld. “It’s just a sign of what we expect in terms of what’s to come.”
Straight to the Top
Belthoff said the MiMail worm of early August likely would have been the top virus in any other month, but it was overshadowed by Blaster and SoBig, which experts blamed for a pile-on effect that left corporate and consumer users scrambling.
By using different techniques to spread and capitalizing on different weaknesses, the Blaster and Nachi outbreaks paved the way for SoBig to propagate and clog e-mail servers, according to Belthoff.
“There were two completely different methods of attack,” he said. “[SoBig] was a completely different security animal to deal with, so you had people jumping from one issue to another. Unfortunately, we expect this type of activity to continue.”
While the newest viruses and worms illustrate increased sophistication, typical targets such as consumers and small businesses also are becoming more savvy in their efforts to block and isolate virus threats, according to IDC.
The research firm said antivirus software was a primary security spending area, accounting for US$2.2 billion in sales in 2002 — a 31 percent increase from 2001. IDC said the growth is likely to continue, particularly in light of such threats as Blaster and SoBig, with antivirus spending expected to reach $4.4 billion in 2007.
IDC research manager Brian Burke told TechNewsWorld that consumer spending on antivirus software is up, accounting for 37 percent of the market and surpassing corporate spending for the first time in 2002.
IDC indicated that while home and small business users remain a primary target of virus writers, they are putting more priority on updating antivirus protection.
Increased awareness of virus attacks — which now employ spamming techniques as well as social engineering tricks to enable propagation — and a rise in monthly subscription renewals are likely to drive growth in the market, IDC said.
“[Consumers] are starting to understand and realize the update-sensitive nature of antivirus software,” Burke said.
The number of antivirus software users might be on the rise, but traditional, signature-based virus defense might not be enough to keep up with quickening threats, ISS X-Force engineering manager Dan Ingevaldson told TechNewsWorld.
Ingevaldson said virus writers seem to be concentrating on the time window — sometimes as short as 5 to 12 hours — for updating virus definitions, which are signatures used to identify and thereby block virus attacks.
“This whole strategy is what we’re going to see in the future,” he said.
In response to the quickening pace of virus attacks, IDC’s Burke said the best defense is a layered security approach that uses antivirus, filtering and proactive techniques such as behavior analysis and heuristics.
“Signature-based antivirus will still play a strong role,” Burke said. “We see signature-based and new, proactive approaches coming together and working together to defend against known and unknown threats.”