RealTime IT News

2003 'Worst Year Ever' for Viruses, Worms

In no other year have computer viruses and worms wreaked so much havoc and caused so much damage as in this past year, according to security analysts.

And the stakes are only getting higher as we go forward.

''This has been the worst ever,'' says Ken Dunham, director of malicious code at Reston, Va.-based iDefense Inc. ''Without a doubt, malicious code came to a massive head in 2003... we saw a huge impact of malicious code on infrastructure. We had seen worms cause some disruption before, but mostly they'd been an annoyance. Now infrastructure is being impacted.''

In 2003, viruses and worms not only caused billions of dollars in damages and clean-up costs. They went so far as to shake the Internet's backbone. They slowed down travel, halted 911 calls, and knocked out ATM machines. From the Slammer attack in January to the MSBlaster and Sobig family that attacked in August, it was one rough year.

''This year was definitely the busiest one on record for us,'' says Chris Belthoff, a senior analyst at Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. ''We started with Slammer in January and then we had BugBear in June. At the time, people thought that was pretty bad. But then the major event of the year was the one-two punch of Blaster and Sobig in August. They were very different -- one spread machine to machine and the other was a mass-mailing worm -- but both very damaging.

''When the infrastructure was impacted, it was significant because it causes problems for how our country operates,'' says Dunham. ''And it shows how vulnerable we are. Imagine an attack that affects ATMs right before Christmas. There could be huge cause for concern.''

Dunham says the year started off with a bang -- a malicious bang -- when Slammer was released in the wild, delaying airline flights, bringing down a 911 system and stressing the Internet's backbone. Everyone thought worms had hit a new high in destructive capability. But that was early in the year. Much worse was still to come.

August was the worst month on record for virus and worm attacks, according to several anti-virus companies.

MS Blaster hit the wild with a vengeance, exploiting a flaw with Microsoft Windows' Remote Procedure Call (RPC) process, which controls activities such as file sharing. The flaw enabled the attacker to gain full access to the system. The vulnerability itself, which affects Windows NT, Windows 2000 and Windows XP machines, affects both servers and desktops, expanding the reach of any exploit that takes advantage of it.

What made it a major problem was the fact that the vulnerability affected servers and desktops in such popular operating systems, there were potentially millions of vulnerable computers out there.

But then along came the Sobig family of viruses.

The Sobig family hit the Internet hard, flooding email servers and inboxes. Corporate networks staggered under the barrage with network access slowing to a crawl, and some email systems being taken temporarily offline to stop the siege.

Sobig-F has been named the fastest spreading virus in the industry's history. The latest report estimates that Sobig has caused 36.1 billion in damages.

Sobig-F unquestionably wins the dubious title of 'Worm of the year','' says Belthoff. ''It spread more ferociously than any virus ever seen before, swamping email inboxes. Some companies reported seeing hundreds of thousands of infected emails every day.''

Change in Motive Ups the Ante

Analysts say what has struck them the most is the change in motive for the virus authors. Virus writers basically created the malicious code to make a name for themselves in the underground hacker world. The bigger the chaos they created, the bigger their infamy.

But this year, analysts saw a disturbing change.

''Viruses and worms are being written now for financial gain,'' says Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio. ''They're prodding users, or phishing, for credit card information, bank account information, Social Security numbers. The worms are better disguised because they've upped the ante since they're writing for criminal purposes now... It makes it a lot harder to fight.''

Dunham notes that this is a significant progression in the malicious code world.

''It's not just people who play around anymore,'' he adds. ''This is creating a market for organized crime. Credit cards. Passwords. They're looking for anything they can use to dupe the victim.''

And all the analysts agree that there's more of this to come.

''There's a lot of new tactics, new procedures,'' says Sundermeier. ''We're not talking about the worst case scenario being that you have to reformat your hard drive. You could lose your livelihood. You could lose your bank information, credit card information, Social Security numbers. It's a lot more severe now.''