Virus writers busily scribbled code during the first half of 2004,introducing 4,677 new viruses into the wild, a 21 percent increase overthe same period last year, according to a report released by Sophos, aninternational maker of antivirus and antispam software.
“There’s a greater interest in writing viruses than ever before,” SophosSenior Technical Consultant Graham Cluley told TechNewsWorld. “Thereason for that is that virus-writing is increasingly about makingmoney,” he explained.
He noted that an increasing number of viruses are being designed tosteal information from computers, such as credit card and online bankingdata.
“The other thing is more and more viruses are opening up backdoors on PCs to allow hackers to gain control of your computer,” he continued.
That allows hackers to create a “zombie army” of compromised computersthat can be used for a variety of mischief, such as launching denial-of-service attacks against Web sites or serving up mass helpings of spam, he explained.
About 40 percent of all spam is mailed from such zombies, he said.
30 Viruses a Day
On average, about 30 new viruses appear every day, he estimated, but fewspread very far. “Antivirus software has a large part to play in that,”he maintained.
Sill, the level of virus activity during the period has kept virusfighters busy.
“Years ago we made monthly updates to our software,” Steven Sundermeier,vice president for products and services for Central Command, anantivirus software maker in Medina, Ohio, told TechNewsWorld. “Thatevolved into weekly updates. Now everyone is standardized on dailyupdates. But this year we’ve had to sometimes upgrade our software twoor three times a day,” he said.
Sasser on Top
According to Sophos, which is headquartered in Abingdon, a community near Oxford in the UK, the most common occurring virus during the firstsix months of 2004 was Sasser, followed by variants of Netsky, MyDoom,Zafi, Sober and Bagle.
Cluley noted that except for the Sasser worm, all the top viruses werespread through e-mail attachments.
A computer can be infected with Sasser just by being connected to theInternet because it uses a vulnerability in the Microsoft Windowsoperating system to propagate itself, he explained.
Remarkably, a single German teen-ager — Sven Jaschan, author of Sasser andNetsky who was arrested earlier this year when an accomplice turned him in — was responsible for 70 percent of all the viruses that occurred during the period.
“That’s absolutely staggering,” Cluley said. “No single individual hashad such an impact on the world of computer security in the past when itcomes to viruses,” he said.
“The impact he had with his viruses has encouraged other people — somewith real criminal intent — to jump on the virus bandwagon,” Cluley added.
Although there’s been a great hullabaloo about security holes inMicrosoft products allowing malware authors to sew their seeds ofdeviltry, Cluley pointed out that only Sasser exploits such a deficiency.
“The security problem that they rely on is the bug in people’s brainsthat compels them to double click on an e-mail attachment,” he observed.
“Rather than changing Web browsers left right and center,” he said, “thereal way to have an impact on this problem is for people to upgradetheir thinking a little bit and practice safe computing because we can’tpatch people’s brains.”
In the second half of the year, Cluley predicted more virus writers andspammers would be working together. “Spammers are interested in gaining controlof other people’s computers, and they’re using viruses to do that,” hesaid.
He also expects more criminals to start entering the virus world. “Theywill be opening backdoors for hackers to break into computers and stealinformation,” he envisaged. “That’s a real growth area.”
Central Command’s Sundermeier said he expects more Sasser-like worms to appearin the coming months. “We’ll have attacks that are fileless, that completely revolve around Microsoft vulnerabilities within the operating system,” he said.
No Slowdown Expected
He added that recent vulnerabilities exposed at Google will probablyprompt more attacks at that site as well as other major sites.
Brian Mann, outbreak manager at McAfee Security in Santa Clara,California, told TechNewsWorld that he doesn’t expect virus activity inthe second half of the year to exceed the first half’s. “It’ll probablymatch it,” he said. “I’m hoping it doesn’t exceed it, because I want toget some sleep.”