2002 Marked by Sophisticated Attacks
The year 2002 has been characterized by new types of security threats -- more sophisticated and potentially dangerous threats.
A new report just released by security company F-Secure Corp. of Alexandria, Va., tallied 80,000 known viruses. The company also notes that security administrators and CIOs were plagued this past year by hybrid attacks, virus outbreaks on Linux sytems, attacks using open source code, and an escalating activity among Asian virus writers.
''Even though the number of outbreaks has been smaller than during the previous year, new viruses are detected more or less at the same rate as before,'' says an F-Secure spokesman. ``Computer viruses still pose the greatest single problem, even though the number of worldwide outbreaks was clearly smaller in 2002 than in 2001... The majority of virus cases seen during the year were caused by old viruses, some of which have been out in the wild for a couple of years now.''
But while 2002 didn't see as many destructive viruses let loose in the wild, what did come down the pike raised concerns among security experts that virus writers and their creations were becoming more sophisticated.
''I think there's a lot of potential for damage coming down the pike'' says Stephen Trilling, senior director of research at Symantec Corp., an Internet security company based in Cupertino, Calif. ''We will see worms with increasing sophistication. We'll see worms with new ways of spreading. We'll see worms that can spread themselves through Instant Messaging...They can steal documents and information from your machine. They can create new holes in your system, and once they've taken over your machine, they can launch attacks from it.''
A few recent worms and viruses -- such as the Frethem.E and the Simile.D -- didn't wreak any havoc on the Internet but they did serve as a warning for future worm attacks, say security analysts.
The Frethem worm had the ability to propagate itself. It collected email addresses from the Windows Address Book and used its own SMTP engine to send out infected messages. The Simile virus is largely considered the first complicated virus with cross-platform capabilities -- able to attack both Windows and Linux operating systems.
And that's just a taste of what's to come, according to George Bakos, senior security expert at the Institute for Security Technology Studies at Dartmouth College in Hanover, N.H.
''Hybrid worms are going to become more and more common,'' says Bakos. ''They're going to be attacking multiple vulnerabilities, maybe on multiple operating systems.''
Bakos says the industry should be expecting the arrival of worms with new and powerful capabilities. He says to expect worms that infect a computer and then set up a communication channel so it can communicate with its controller. He also warns that administrators should be aware of more polymorphic worms, which are worms designed to hide their own presence.
As for 2002's legacy, there were two viruses competing for the title of the year's most bothersome virus: Klez and Bugbear, according to F-Secure analysts. Of these, the Klez virus family has been out in the wild since October of 2001 and is still spreading. Bugbear, on the other hand, was found in September of this year and spread all over the world in just a few days. Both are email worms. And they both put fake sender names and email addresses in the ''from'' field of messages they send.
F-Secure also reports that the most widespread Linux virus outbreak came in 2002. A network worm named Slapper was first detected on Sept. 14. It quickly infected thousands of Apache web servers around the world. It generally wasn't seen by users. Security analysts say the most interesting aspect of the Slapper virus was its ability to create a distributed peer-to-peer attack network allowing the writer of the virus to take control of any infected server.