Saturday, November 2, 2024

2003 ‘Worst Year Ever’ for Viruses, Worms


In no other year have computer viruses and worms wreaked so much havoc and caused so much damage as in this past year, according to security analysts.

And the stakes are only getting higher as we go forward.

“This has been the worst ever,” says Ken Dunham, director of malicious code at Reston, Va.-based iDefense Inc. “Without a doubt, malicious code came to a massive head in 2003… we saw a huge impact of malicious code on infrastructure. We had seen worms cause some disruption before, but mostly they’d been an annoyance. Now infrastructure is being impacted.”

In 2003, viruses and worms not only caused billions of dollars in damages and clean-up costs. They went so far as to shake the Internet’s backbone. They slowed down travel, halted 911 calls, and knocked out ATM machines. From the Slammer attack in January to the MSBlaster and Sobig family that attacked in August, it was one rough year.

“This year was definitely the busiest one on record for us,” says Chris Belthoff, a senior analyst at Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. “We started with Slammer in January and then we had BugBear in June. At the time, people thought that was pretty bad. But then the major event of the year was the one-two punch of Blaster and Sobig in August. They were very different — one spread machine to machine and the other was a mass-mailing worm — but both very damaging.”

“When the infrastructure was impacted, it was significant because it causes problems for how our country operates,” says Dunham. “And it shows how vulnerable we are. Imagine an attack that affects ATMs right before Christmas. There could be huge cause for concern.”

Dunham says the year started off with a bang — a malicious bang — when Slammer was released in the wild, delaying airline flights, bringing down a 911 system and stressing the Internet’s backbone. Everyone thought worms had hit a new high in destructive capability.

But that was early in the year. Much worse was still to come.

August was the worst month on record for virus and worm attacks, according to several anti-virus companies.

MS Blaster hit the wild with a vengeance, exploiting a flaw in Microsoft Windows’ Remote Procedure Call (RPC) process, which controls activities such as file sharing. The flaw enabled the attacker to gain full access to the system. The vulnerability itself, which affects Windows NT, Windows 2000 and Windows XP machines, affects both servers and desktops, expanding the reach of any exploit that takes advantage of it.

What made it a major problem was that the vulnerability affected servers and desktops running such popular operating systems that there were potentially millions of vulnerable computers out there.

But then along came the Sobig family of viruses.

The Sobig family hit the Internet hard, flooding email servers and inboxes. Corporate networks staggered under the barrage with network access slowing to a crawl, and some email systems being taken temporarily offline to stop the siege.

Sobig-F has been named the fastest spreading virus in the industry’s history. The latest report estimates that Sobig has caused 36.1 billion in damages.

“Sobig-F unquestionably wins the dubious title of ‘Worm of the year’,” says Belthoff. “It spread more ferociously than any virus ever seen before, swamping email inboxes. Some companies reported seeing hundreds of thousands of infected emails every day.”

Change in Motive Ups the Ante

Analysts say what has struck them the most is the change in motive for the virus authors.

Virus writers basically created the malicious code to make a name for themselves in the underground hacker world. The bigger the chaos they created, the bigger their infamy.

But this year, analysts saw a disturbing change.

“Viruses and worms are being written now for financial gain,” says Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio. “They’re prodding users, or phishing, for credit card information, bank account information, Social Security numbers. The worms are better disguised because they’ve upped the ante since they’re writing for criminal purposes now… It makes it a lot harder to fight.”

Dunham notes that this is a significant progression in the malicious code world.

“It’s not just people who play around anymore,” he adds. “This is creating a market for organized crime. Credit cards. Passwords. They’re looking for anything they can use to dupe the victim.”

And all the analysts agree that there’s more of this to come.

“There’s a lot of new tactics, new procedures,” says Sundermeier. “We’re not talking about the worst case scenario being that you have to reformat your hard drive. You could lose your livelihood. You could lose your bank information, credit card information, Social Security numbers. It’s a lot more severe now.”
