Wednesday, May 22, 2024

Study: Virus Attacks Up But Infections Hold Steady


Last year more — and more dangerous — viruses raced across the Internet than ever, according to a new study.

The good news is that while more companies were infected last year than in 2002, the growth in infections is actually lower than in recent years.

“I think it’s a good news/bad news thing,” says Larry Bridwell, a content security programs manager with ICSA Labs, a division of TruSecure, a risk management company based in Herndon, Va. “The bad news is that we’re seeing more and more viruses, and they’re more dangerous than ever before. The good news is that we’re doing things to mitigate against that risk.”

The 9th Annual ICSA Labs Virus Prevalence Survey, which collected data from more than 300 medium and large businesses and government agencies, shows that the flood of virus attacks on corporate and consumer networks is increasing at a torrential rate. The survey shows that 88 percent of respondents think that malicious code is ‘somewhat worse or much worse’ than 2002, with only 12 percent stating the situation was ‘the same or better’ in 2003.

And the numbers back that up.

The approximately 300 companies surveyed reported 2.7 million virus encounters in all of 2003. That translates into 201 virus encounters for every 1,000 machines every month. And those encounters brought on 108 infections for every 1,000 machines every month.

The survey also shows that the infection rate is flattening. From 1996 through 2000, there was a 12 percent increase in infections every year. However, between 2001 and 2003, that infection rate only increased by 2 percent or 3 percent each year.

“Due diligence has obviously been helping,” says Ken Dunham, director of malicious code at iDefense, Inc., a security and anti-virus company. “People are starting to make a clear association between the cost of doing business and the interruptions that viruses cause. They’re realizing that if they have to send users home because the network is down or if clients can’t access their Web site, the cost is dramatic…. They’re taking more steps to protect themselves.”

Bridwell, who worked on the survey, says the number of encounters is dramatic when you consider that every encounter means that an IT worker had to do something to ward off


“An encounter means that they had to deal in some way with the virus,” says Bridwell. “Maybe they had to block something or filter an email attachment. Maybe a salesman got a virus on his laptop and it didn’t infect the network but it had to be cleaned up.

“We’re seeing a spike in how much companies have to defend against,” he adds.

And Bridwell says the survey also shows that the viruses rolling across the Internet are more dangerous than ever.

“These viruses are designed to attack specific vulnerabilities in networks and operating systems,” says Bridwell. “They’re also being designed to spread faster and they’re more complex. They have SMTP engines and they’re carrying backdoor Trojans.”

That increase in sophistication means that when a company gets it, they’re more frequently getting hit really hard.

The survey shows that 92 of more than 300 respondents reported virus disasters in 2003, an increase of 15 percent over 2002. For an event to qualify as a virus disaster, there must be 25 or more PCs or servers infected at the same time with the same virus, or a virus incident causing significant damage or monetary loss to the company.

The report also shows that malicious code is costing organizations lots of money. In 2003, disaster recovery costs increased by 23 percent to almost $100,000 per organization per


Carole Theriault, a security consultant with Sophos, Inc., an anti-virus and anti-spam company with its U.S. base in Lynnfield, Mass., says a large part of the danger comes from the quickening pace at which viruses are being released and the lightning-fast rate at which they’re traveling across the Internet — and across corporate networks.

“The new threat is the sheer amount of traffic coming in,” says Theriault. “Last August, Sophos was receiving 400,000 copies of Sobig at its gateway. We have lots of bandwidth and we could handle lots of traffic, but it still slowed us down. It’s like 100,000 people trying to get into Wal-Mart at the same time.”

Theriault points to MyDoom, Netsky-D and Sober-C as examples of big viruses that travel fast, creating a lot of havoc in their wake.

But Bridwell also says that most of last year’s virus trouble could have been nipped in the bud by simply stopping executable attachments from entering a network.

“What this says is that the virus writers are doing a better job of writing viruses and fooling people into wanting to click on the attachments,” says Bridwell. “We need to filter out those attachments because they’re spoofing the sender’s address. They’re making it look like the email came from the user’s own company. Let’s remember that a lot of end users have only been using computers for eight, 10 or 15 years, and there’s a lot of education still to be done to understand what the dangers are, and what the risks are.”
