More virus attacks in 2003 but less damage

More virus attacks in 2003 but less damage

Virus activity appeared to increase moderately in the first seven months of 2003, but the cost and impact of virus outbreaks generally remained mild, at least for business users and corporate networks.

That is according to a report by antivirus and internet content security software provider Trend Micro.

The report states that the number of global medium-to-high risk alerts increased by about 40% in the first half of 2003, compared to the same period in 2002. However, recent outbreaks have tended to infect fewer computers, cause less damage and pass by more quickly than the major attacks of three or four years ago, such as Melissa or the Love Letter worm. 

Jamz Yaneza, senior antivirus consultant for Trend Micro's TrendLabs, sees an important explanation for this trend. "The widespread adoption of high-end antivirus and e-mail filtering software has greatly curbed the impact of viruses on enterprise networks. The most successful viruses of yesteryear really took off by infecting large corporations, and using their e-mail systems as high-speed global distribution machines. Today practically every large company, as well as most small and medium ones, have network-based virus protection. The typical virus is instantly blocked at the gateway level and never reaches a corporate user in an e-mail."

Worm-like viruses remained the predominant type of malware throughout the first seven months, particularly 'mixed threats,' which typically use multiple channels of transmission in addition to email. These viruses may incorporate successful features from past viruses, and make use of backdoors and other information-stealing exploits found in Trojans and hacker tools.

Trend Micro posted more than 130 low and medium-risk virus advisories in the year to August 1, 2003, including 20 in July. (The last threat, Worm_Mimail.A, struck at the very end of the month (or August 1 in Asia), and is currently the fourth most widespread virus after picking up following the weekend.) 

The focus now turns to what strategies organisations have in place to deal with new types of mixed threats that use multiple propagation techniques to penetrate a network.  In 2003 these included the Lovgate.F worm, which topped Trend Micro's most common virus list since March, and the Slammer worm (Worm_SQL1434.D), which wreaked havoc on the Internet with a lightning-fast strike on Microsoft SQL servers in January.

Also out in the vast sea of home users, millions of whom lack virus protection or fail to update it, nasty and long-running mixed threats such as Klez.H and Yaha.G seem to stay in endless circulation, occasionally slipping through the gates of corporate networks that let their guard down. 

Related Article:

Complacency - not complexity - the killer in IT security

Business Solution: