Last Year’s Security Problems May Balloon in 2004

If 2003 was the worst year in the history of the computer industry for viruses and spam,

hold onto your hat. This year, according to security experts, is setting up to see the

malicious problems that appeared last year grow and fester into major security problems for

2004.

The malicious marriage of spam and viruses. Virus writers working to make a buck instead of

making a name for themselves in the black hat world. Spam and viruses becoming more of a

heightened security issue than ever before.

These are just some of the predictions from the anti-virus and anti-spam community for the

coming year. They’re all problems that got a foothold in 2003. And from what the security

experts are saying, these problems will only mature and expand in the new year.

”Yes, I definitely see a continuation of the same for this year,” says Scott Olson, a

senior vice president with Austin, Texas-based WholeSecurity, an anti-virus company that

focuses on trojans and backdoors. ”Without a doubt we’re going to see more and more

evolution in these viruses… The damages from these types of attacks are becoming more

real. Companies are losing a ton of money because of down time on their networks, and

intellectual property theft. And customers are becoming victims of identity theft through

faked emails and Trojan horses.”

Viruses and worms caused a lot of damage in 2003. Computer Economics Inc., for instance,

estimated that the SoBig virus cost businesses more than $1 billion in losses, while mi2g, a

security and digital risk management company based in London, placed costs at a whopping

$36.1 billion when losses in productivity and business were factored in. With the MSBlaster

worm, it was hard to calculate a final damage cost but Computer Economics took a stab and

figured that the damages rang in at $500 just within the first few days of the virus’

release.

Beside the increase in financial damage, there were a few major turning points in the virus

world last year.

First off, there was a change in motive. For years, virus authors wrote malicious code

because they wanted the prestige, the name recognition, in their underground community.

Authoring a major virus, one that got worldwide attention or crippled a major company’s

network even for a few minutes, brought underground glory.

But last year, black hats began writing malicious code aimed at lining their wallets, not

their trophy rooms. Viruses dropped Trojans and opened back doors so the author could pilfer

critical information, like user names, passwords, Social Security numbers and bank account

information.

That made the game more dangerous, more malignant. Instead of crashing a computer for a few

minutes or leaving a sarcastic message on a Web site, people were in danger of losing their

life savings.

And as that change was happening, another one was coming to light.

Virus writers were teaming up with the security community’s other arch nemesis — spammers.

Think of the mess. Overnight, spam went from pitching Viagra and get-rich-quick schemes to

tricking hapless email users into hanging out their critical financial information. The

spammers were ‘phishing’ for financial information, and the virus writers were helping them

do it.

”It’s not so much about boasting that someone wrote a virus anymore, or getting your name

out as a hacker,” says Steve Sundermeier, vice president of products and services at

Central Command, an anti-virus company based in Medina, Ohio. ”It’s more about committing

these white collar crimes. They’re obtaining credit card information and then it becomes a

clear cut crime… I personally see more of this happening this year.”

Many analysts also say that viruses and spam are no longer the realm of the techies alone.

With money to be made, organized crime is increasingly getting in on the game. And that is

upping the ante for those being baited into divulging their critical information, and for

those fighting the problem.

And Sundermeier says that means anti-spammers and those in the anti-virus community are

increasingly working with law enforcement.

”There’s definitely going to be a lot of migration between the anti-virus industry and law

enforcement and the FBI,” he adds. ”We saw this start with Microsoft putting a bounty on

hackers’ head. We saw the arrest of the guy who wrote the Blaster variant. You’ll see a lot

more collaboration between anti-virus and law enforcement.”

And with people’s life savings or livelihoods on the line, there’s more pressure on the

security community to be swift and sure in their work.

”It’s kind of sad, but there’s a new reality to it,” says Sundermeier. ”Not only do we

feel more important but it’s a lot of pressure and added stress on us to turn around these

virus signatures. If we have code for a new variant of Sobig… now we’re talking about

people’s livelihood and huge financial loss. It’s more stressful.”

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web