In no other year have computer viruses and worms wreaked so much havoc and caused so much
damage as in this past year, according to security analysts.
And the stakes are only getting higher as we go forward.
”This has been the worst ever,” says Ken Dunham, director of malicious code at Reston,
Va.-based iDefense Inc. ”Without a doubt, malicious code came to a massive head in 2003…
we saw a huge impact of malicious code on infrastructure. We had seen worms cause some
disruption before, but mostly they’d been an annoyance. Now infrastructure is being
impacted.”
In 2003, viruses and worms not only caused billions of dollars in damages and clean-up
costs. They went so far as to shake the Internet’s backbone. They slowed down travel, halted
911 calls, and knocked out ATM machines. From the Slammer attack in January to the MSBlaster
and Sobig family that attacked in August, it was one rough year.
”This year was definitely the busiest one on record for us,” says Chris Belthoff, a senior
analyst at Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. ”We
started with Slammer in January and then we had BugBear in June. At the time, people thought
that was pretty bad. But then the major event of the year was the one-two punch of Blaster
and Sobig in August. They were very different — one spread machine to machine and the other
was a mass-mailing worm — but both very damaging.
”When the infrastructure was impacted, it was significant because it causes problems for
how our country operates,” says Dunham. ”And it shows how vulnerable we are. Imagine an
attack that affects ATMs right before Christmas. There could be huge cause for concern.”
Dunham says the year started off with a bang — a malicious bang — when Slammer was
released in the wild, delaying airline flights, bringing down a 911 system and stressing the
Internet’s backbone. Everyone thought worms had hit a new high in destructive capability.
But that was early in the year. Much worse was still to come.
August was the worst month on record for virus and worm attacks, according to several
anti-virus companies.
MS Blaster hit the wild with a vengeance, exploiting a flaw with Microsoft Windows’ Remote
Procedure Call (RPC) process, which controls activities such as file sharing. The flaw
enabled the attacker to gain full access to the system. The vulnerability itself, which
affects Windows NT, Windows 2000 and Windows XP machines, affects both servers and desktops,
expanding the reach of any exploit that takes advantage of it.
What made it a major problem was the fact that the vulnerability affected servers and
desktops in such popular operating systems, there were potentially millions of vulnerable
computers out there.
But then along came the Sobig family of viruses.
The Sobig family hit the Internet hard, flooding email servers and inboxes. Corporate
networks staggered under the barrage with network access slowing to a crawl, and some email
systems being taken temporarily offline to stop the siege.
Sobig-F has been named the fastest spreading virus in the industry’s history. The latest
report estimates that Sobig has caused 36.1 billion in damages.
Sobig-F unquestionably wins the dubious title of ‘Worm of the year’,” says Belthoff. ”It
spread more ferociously than any virus ever seen before, swamping email inboxes. Some
companies reported seeing hundreds of thousands of infected emails every day.”
Change in Motive Ups the Ante
Analysts say what has struck them the most is the change in motive for the virus authors.
Virus writers basically created the malicious code to make a name for themselves in the
underground hacker world. The bigger the chaos they created, the bigger their infamy.
But this year, analysts saw a disturbing change.
”Viruses and worms are being written now for financial gain,” says Steve Sundermeier,
vice president of products and services at Central Command Inc., an anti-virus company based
in Medina, Ohio. ”They’re prodding users, or phishing, for credit card information, bank
account information, Social Security numbers. The worms are better disguised because they’ve
upped the ante since they’re writing for criminal purposes now… It makes it a lot harder
to fight.”
Dunham notes that this is a significant progression in the malicious code world.
”It’s not just people who play around anymore,” he adds. ”This is creating a market for
organized crime. Credit cards. Passwords. They’re looking for anything they can use to dupe
the victim.”
And all the analysts agree that there’s more of this to come.
”There’s a lot of new tactics, new procedures,” says Sundermeier. ”We’re not talking
about the worst case scenario being that you have to reformat your hard drive. You could
lose your livelihood. You could lose your bank information, credit card information, Social
Security numbers. It’s a lot more severe now.”