Last year more — and more dangerous — viruses raced across the Internet than ever, according to a new study.
The good news is that while more companies were infected last year than in 2002, the growth
in infections is actually lower than in recent years.
”I think it’s a good news/bad news thing,” says Larry Bridwell, a content security
programs manager with ICSA Labs, a division of TruSecure, a risk management company based
in Herndon, Va. ”The bad news is that we’re seeing more and more viruses, and they’re more
dangerous than ever before. The good news is that we’re doing things to mitigate against
that risk.”
The 9th Annual ICSA Labs Virus Prevalence Survey, which collected data from more than 300
medium and large businesses and government agencies, shows that the flood of virus attacks
on corporate and consumer networks is increasing at a torrential rate. The survey shows
that 88 percent of respondents think that malicious code is ‘somewhat worse or much worse’
than 2002, with only 12 percent stating the situation was ‘the same or better’ in 2003.
And the numbers back that up.
The approximate 300 companies surveyed reported 2.7 million virus encounters in all of
2003. That translates into 201 virus encounters for every 1,000 machines every month. And
those encounters brought on 108 infections for every 1,000 machines every month.
The survey also shows that the infection rate is flattening. From 1996 through 2000, there
was a 12 percent increase in infections every year. However, between 2001 and 2003, that
infection rate only increased by 2 percent or 3 percent each year.
”Due diligence has obviously been helping,” says Ken Dunham, director of malicious code
at iDefense, Inc., a security and anti-virus company. ”People are starting to make a clear
association between the cost of doing business and the interruptions that viruses cause.
They’re realizing that if they have to send users home because the network is down or if
clients can’t access their Web site, the cost is dramatic…. They’re taking more steps to
protect themselves.”
Bridwell, who worked on the survey, says the number of encounters is dramatic when you
consider that every encounter means that an IT worker had to do something to ward off
trouble.
”An encounter means that they had to deal in some way with the virus,” says Bridwell.
”Maybe they had to block something or filter an email attachment. Maybe a salesman got a
virus on his laptop and it didn’t infect the network but it had to be cleaned up.
”We’re seeing a spike in how much companies have to defend against,” he adds.
And Bridwell says the survey also shows that the viruses rolling across the Internet are
more dangerous than ever.
”These viruses are designed to attack specific vulnerabiliti3s in networks and operating
systems,” says Bridwell. ”They’re also being designed to spread faster and they’re more
complex. They have SMTP engines and they’re carrying backdoor Trojans.
That increase in sophistication means that when a company gets it, they’re more frequently
getting hit really hard.
The survey shows that 92 of more than 300 respondents reported virus disasters in 2003, an
increase of 15 percent over 2002. For an event to qualify as a virus disaster, there must
be 25 or more PCs or servers infected at the same time with the same virus, or a virus
incident causing significant damage or monetary loss to the company.
The report also shows that malicious code is costing organizations lots of money. In 2003,
disaster recovery costs increased by 23 percent to almost $100,000 per organization per
event.
Carole Theriault, a security consultant with Sophos, Inc., an anti-virus and anti-spam
company with its U.S. base in Lynnfield, Mass., says a large part of the danger comes from
the quickening pace that viruses are being released and at the lightening fast rate they’re
traveling across the Internet — and across corporate networks.
”The new threat is the sheer amount of traffic coming in,” says Theriault. ”Last August,
Sophos was receiving 400,000 copies of Sobig at its gateway. We have lots of bandwidth and
we could handle lots of traffic, but it still slowed us down. It’s like a 100,000 people
trying to get into Wal-Mart at the same time.”
Theriault points to MyDoom, Netsky-D and Sober-C as examples of big viruses that travel
fast, creating a lot of havoc in their wake.
But Bridwell also says that most of last year’s virus trouble could have been nipped at the
bud by simply stopping executable attachments from entering a network.
”What this says is that the virus writers are doing a better job of writing viruses and
fooling people into wanting to click on the attachments,” says Bridwell. ”We need to
filter out those attachments because they’re spoofing the sender’s address. They’re making
it look like the email came from the user’s own company. Let’s remember that a lot of end
users have only been using computers for eight, 10 or 15 years, and there’s a lot of
education still to be done to understand what the dangers are, and what the risks are.”