Report: Last Year Was Worst Ever for Viruses

Last year was the worst year ever for vulnerabilities, says anti-virus software maker F-Secure, in part because virus writers and spammers got together. Here's what you can do to prepare.

Last year was quite a year: 7,000 new worms and viruses, including Blaster, Bugbear.B, Sobig.F, Swen, and, of course, Slammer, upped the total number of known threats to 90,000. While 2002 was better than 2001, this last year wasn’t.

“The worst year in virus history,” Mikko Hypponen, director of anti-virus research at anti-virus software maker F-Secure, calls it. Hypponen details why in the new “F-Secure Data Security Summary for 2003" (see

In particular, August was the worst month, with Blaster, Mimail, Sobig.F, and Welchi clogging the Internet, making life difficult for home and business users alike.

One reason the year was so bad: virus writers and spammers got together. Viruses have mutated beyond being just a desktop threat. Sobig, for example, demonstrates collusion between virus writers and spammers, since after infection it turned PCs into e-mail proxy servers, giving spammers an outlet for their spam. Each version also deactivated to make way for the next generation. Ultimately, Sobig.F was also “the worst e-mail worm ever, sending over 300 million infected e-mail messages around the world,” says Hypponen. “Our enemy used to be amateurs who wrote viruses for the fun of it. Now viruses are generated by spammers, who develop viruses professionally.”

In the past, why a worm was designed was often a mystery; damage was often minimal. Now, however, more worms collect e-mail addresses by going through PC users’ address books, then e-mail those addresses to spammers. Some worms, such as Sobig or Slanper, also turn computers into e-mail proxy servers, so spam can’t be traced back to the spammer. F-Secure estimates half of all spam is sent through infected home computers.

The rapid spread of viruses also complicates life for critical-infrastructure industries run on PCs. Blaster, for example, has been linked to the Midwest and northeastern United States power blackout. Though the exact causes are still under investigation, security experts have noted the curious timing of the blackout, as well as the odd behavior of the PCs monitoring the power grid—which should have sounded alarms for managers—as probable evidence of Blaster-infected computers. At the least, Blaster seemed to slow response.

Slammer was another worm that disrupted the Internet and the country's infrastructure. F-Secure notes that “damage included automatic teller machine networks crashing, international airports air control systems slowing down, emergency phone systems going down, and even a nuclear power plant's crucial computer monitoring system compromised.” Again, this behavior—clogging the Internet—was merely the by-product of a fast-spreading worm, but unfortunately it's becoming more common with latest-generation, rapidly spreading worms.

So what can information security managers expect for 2004? “Hackers, activists, industrial spies, terrorist groups and organized crime” will increasingly be behind network attacks, predicts Hypponen. Also, “attacks against data systems will increase and become more and more professional.”

To combat rising threats, F-Secure recommends security managers first do these four things: always keep systems patched, deactivate computers not in use (to sever their network connection), keep anti-virus software up to date, and ensure every computer has a personal firewall running.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.