March Virus Madness Strains IT Managers

March was a stressful month for IT and security managers as they struggled to keep up with the roaring torrent of new viruses hitting as often as three or four times a day.

Industry analysts say high-tech managers have been under great strain in the past month or two as they worked feverishly to keep their networks bug free. The Netsky and Bagle virus families were mostly to blame, with nearly 50 variants between them hitting the wild.

''We've never seen anything quite like this,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''The war between these two viruses is quite significant... There was a synergy in these two viruses hitting at the same time. It became an issue of pride and the war broke out.''

That war of viruses has meant that variants have appeared, rolling through the wild, nearly on top of each other. Multiple variants have even hit on the same day. And since each variant is different enough to warrant an update in detection systems and anti-virus software, each variant has called for an emergency update. That has kept the anti-virus community and IT and security managers hopping.

''What's keeping this going is that the actual pool of compromised machines is so great,'' says Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio. ''They're using those machines, and they'll use them until the pool is closed. What's worrisome is that other spammers will see this success, and will try the same methods.''

Sundermeier also notes that while it's not totally unheard of, it's rather unusual for a virus, especially two at the same time, to rack up so many variants. The Netsky virus is up to an R variant, and Bagle is up to V. If both viruses keep going, which analysts say they undoubtedly will, they'll move into double letter range. Once a virus has run its course through the alphabet, new variants will receive names such as Bagle.AA or Netsky.AB.

''A huge part of the problem here is that the variants continue to be successful,'' says Sundermeier. ''IT professionals always have to be on alert, and so do we. Every successful variant requires an emergency update... It used to be that you were fine with a daily update. We're posting two, three or four updates in a day, and that kind of strains things.

''You're only as good as your last update,'' he adds.

The Netsky and Bagle viruses not only made the month of March crazy in the virus community, they actually defined it.

Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass., reported today that the two virus families made up nine out of the top 10 virus rankings for March. MyDoom-A slipped into the tenth spot.

Sophos ranked the top nine viruses as: Netsky-D, Netsky-B, Netsky-C, Bagle-C, Netsky-J, Bagle-E, Netsky-P, Bagle-H and Bagle-J.

The top three Netsky variants racked up a large percentage of the virus-related problems this past month. Netsky-D accounted for 3.2 percent of all reports, while Netsky-B accounted for 12.3 percent and Netsky-C accounted for 11.7 percent.

''The Netsky author wins the dubious accolade of the month's biggest virus, accounting for almost 60 percent of all reports to Sophos, but the biggest losers are the innocent computer users who have been caught in the crossfire of the Netsky/Bagle spat,'' says Carole Theriault, security consultant, Sophos.





