By John P. Mello Jr. TechNewsWorld Part of the ECT News Network
07/29/04 7:32 AM PT
Virus writers busily scribbled code during the first half of 2004,
introducing 4,677 new viruses into the wild, a 21 percent increase over
the same period last year, according to a report released by Sophos, an
international maker of antivirus and antispam software.
"There's a greater interest in writing viruses than ever before," Sophos
Senior Technical Consultant Graham Cluley told TechNewsWorld. "The
reason for that is that virus-writing is increasingly about making
money," he explained.
He noted that an increasing number of viruses are being designed to
steal information from computers, such as credit card and online banking
data.
Backdoor Entry
"The other thing is more and more viruses are opening up backdoors on PCs to allow hackers to gain control of your computer," he continued.
That allows hackers to create a "zombie army" of compromised computers
that can be used for a variety of mischief, such as launching denial-of-service attacks against Web sites or serving up mass helpings of spam, he explained.
About 40 percent of all spam is mailed from such zombies, he said.
30 Viruses a Day
On average, about 30 new viruses appear every day, he estimated, but few
spread very far. "Antivirus software has a large part to play in that,"
he maintained.
Still, the level of virus activity during the period has kept virus
fighters busy.
"Years ago we made monthly updates to our software," Steven Sundermeier,
vice president for products and services for Central Command, an
antivirus software maker in Medina, Ohio, told TechNewsWorld. "That
evolved into weekly updates. Now everyone is standardized on daily
updates. But this year we've had to sometimes upgrade our software two
or three times a day," he said.
Sasser on Top
According to Sophos, which is headquartered in Abingdon, a community near Oxford in the UK, the most commonly occurring virus during the first
six months of 2004 was Sasser, followed by variants of Netsky, MyDoom,
Zafi, Sober and Bagle.
Cluley noted that except for the Sasser worm, all the top viruses were
spread through e-mail attachments.
A computer can be infected with Sasser just by being connected to the
Internet because it uses a vulnerability in the Microsoft (Nasdaq: MSFT) Windows
operating system to propagate itself, he explained.
Staggering Achievement
Remarkably, a single German teen-ager -- Sven Jaschan, author of Sasser and
Netsky who was arrested earlier this year when an accomplice turned him in -- was responsible for 70 percent of all the viruses that occurred during the period.
"That's absolutely staggering," Cluley said. "No single individual has
had such an impact on the world of computer security in the past when it
comes to viruses," he said.
"The impact he had with his viruses has encouraged other people -- some
with real criminal intent -- to jump on the virus bandwagon," Cluley added.
Computer Practices
Although there's been a great hullabaloo about security holes in
Microsoft products allowing malware authors to sow their seeds of
deviltry, Cluley pointed out that only Sasser exploits such a deficiency.
"The security problem that they rely on is the bug in people's brains
that compels them to double click on an e-mail attachment," he observed.
"Rather than changing Web browsers left right and center," he said, "the
real way to have an impact on this problem is for people to upgrade
their thinking a little bit and practice safe computing because we can't
patch people's brains."
Virus Trends
In the second half of the year, Cluley predicted more virus writers and
spammers would be working together. "Spammers are interested in gaining control
of other people's computers, and they're using viruses to do that," he
said.
He also expects more criminals to start entering the virus world. "They
will be opening backdoors for hackers to break into computers and steal
information," he envisaged. "That's a real growth area."
Central Command's Sundermeier said he expects more Sasser-like worms to appear
in the coming months. "We'll have attacks that are fileless, that completely revolve around Microsoft vulnerabilities within the operating system," he said.
No Slowdown Expected
He added that recent vulnerabilities exposed at Google (Nasdaq: GOOG) will probably
prompt more attacks at that site as well as other major sites.
Brian Mann, outbreak manager at McAfee Security in Santa Clara,
California, told TechNewsWorld that he doesn't expect virus activity in
the second half of the year to exceed the first half's. "It'll probably
match it," he said. "I'm hoping it doesn't exceed it, because I want to
get some sleep."