Thursday, September 12, 2024

November a Record Breaker for Virus Attacks


Led off by a virulent Sober worm, November was another record-breaking month for malware attacks, according to security analysts.

Central Command, Inc., an anti-virus and anti-spam company based in Medina, Ohio, stopped 150 percent more infectious emails in their anti-virus filters than they did in October, which was a record-breaking month in its own right. And this past November saw 185 percent more virus outbreaks than November of 2004, according to Steve Sundermeier, a vice president with Central Command.

“It was a bad month,” says Sundermeier. “The number of viruses increased in November but the actual volume of malware was significantly higher because of Sober, which we have as accounting for one in 17 emails last month.”

Actually, the Sober-AI variant was the most prolific worm for all of November, accounting for 64.58 percent of all malware plaguing the Internet, according to analysts at Central Command. The rest of the top five came in far behind their malicious ranking leader: Mytob-IU came in second accounting for 2.66 percent of all malware; Mytob-NO was third with 2.49 percent; Mytob-NX was fourth with 2.31 percent, and Netsky-D was fifth with 2.20 percent.

Sophos, Inc., an anti-virus and anti-spyware company with U.S. headquarters in Lynnfield, Mass., has a similar top five list. Sophos analysts give the malware this ranking: Sober-Z took first place with 42.9 percent; Netsky-P was second with 8.1 percent; Mytob-GH was third with 6.8 percent; Mytob-EX was fourth with 4.5 percent, and Zafi-D was fifth with 4 percent. (Keep in mind that different vendors often assign the same variants slightly different names.)

“Since we saw the first Sober worm back in October 2003, its author has tried to improve upon tried-and-tested tricks to dupe computer users into launching infected attachments,” says Carole Theriault, senior security consultant at Sophos, in a written statement. “This latest worm claims to be a warning from CIA and FBI agents, accusing recipients of visiting illegal Websites. Mocking the feds is a sure-fire way of goading the authorities, and you can’t help but wonder whether the author is desperate to be caught.”

Sundermeier tells eSecurityPlanet that Sober-AI isn’t a new and super piece of malicious code — it’s simply well-designed.

“Its author didn’t reinvent the wheel but it uses a combination of several factors,” says Sundermeier. “It reproduces very easily. Lots of times we see little coding flaws in the propagation routines and that didn’t exist with this version. It used its own SMTP engine, and it was good at harvesting email addresses from compromised machines… It just works really well.”

Mytob is crowding top five lists simply because of sheer volume, says Sundermeier. There are hundreds of Mytob variants on the Internet at this point and that makes for a lot of infected machines. And that means it’s easier for the new variants to get a foothold and spread quickly around the globe.

And Sundermeier says he’s predicting an active December.

Sober-AI continues to dominate, he notes, pulling down big numbers as the month begins. “And December has been known in the past to be a bad month for virus activity,” Sundermeier adds. “At the least, we generally see something new. In December of 2004, we had the Zafid worm and that topped the charts for a while. In December of 2003, we had another Sober variant released and that topped the charts for the month. And lately we have this trend where every month outdoes the last in terms of total volume.”
