Last Year's Security Problems May Balloon in 2004
If 2003 was the worst year in history for viruses and spam, hold onto your hat. This year, according to security experts, is setting up to see the malicious problems that appeared last year grow and fester into major security problems for 2004.
The malicious marriage of spam and viruses. Virus writers working to make a buck instead of making a name for themselves in the black hat world. Spam and viruses becoming more of a heightened security issue than ever before.
These are just some of the predictions from the anti-virus and anti-spam community for the coming year. They're all problems that got a foothold in 2003. And from what the security experts are saying, these problems will only mature and expand in the new year.
''Yes, I definitely see a continuation of the same for this year,'' says Scott Olson, a senior vice president with Austin, Texas-based WholeSecurity, an anti-virus company that focuses on trojans and backdoors. ''Without a doubt we're going to see more and more evolution in these viruses... The damages from these types of attacks are becoming more real. Companies are losing a ton of money because of down time on their networks, and intellectual property theft. And customers are becoming victims of identity theft through faked emails and Trojan horses.''
Viruses and worms caused a lot of damage in 2003. Computer Economics Inc., for instance, estimated that the SoBig virus cost businesses more than $1 billion in losses, while mi2g, a security and digital risk management company based in London, placed costs at a whopping $36.1 billion when losses in productivity and business were factored in. With the MSBlaster worm, it was hard to calculate a final damage cost but Computer Economics took a stab and figured that the damages rang in at $500 just within the first few days of the virus' release.
Beside the increase in financial damage, there were a few major turning points in the virus world last year.
First off, there was a change in motive. For years, virus authors wrote malicious code because they wanted the prestige, the name recognition, in their underground community. Authoring a major virus, one that got worldwide attention or crippled a major company's network even for a few minutes, brought underground glory.
But last year, black hats began writing malicious code aimed at lining their wallets, not their trophy rooms. Viruses dropped Trojans and opened back doors so the author could pilfer critical information, like user names, passwords, Social Security numbers and bank account information.
That made the game more dangerous, more malignant. Instead of crashing a computer for a few minutes or leaving a sarcastic message on a Web site, people were in danger of losing their life savings.
And as that change was happening, another one was coming to light.
Virus writers were teaming up with the security community's other arch nemesis -- spammers.
Think of the mess. Overnight, spam went from pitching Viagra and get-rich-quick schemes to tricking hapless email users into hanging out their critical financial information. The spammers were 'phishing' for financial information, and the virus writers were helping them do it.
''It's not so much about boasting that someone wrote a virus anymore, or getting your name out as a hacker,'' says Steve Sundermeier, vice president of products and services at Central Command, an anti-virus company based in Medina, Ohio. ''It's more about committing these white collar crimes. They're obtaining credit card information and then it becomes a clear cut crime... I personally see more of this happening this year.''
Many analysts also say that viruses and spam are no longer the realm of the techies alone. With money to be made, organized crime is increasingly getting in on the game. And that is upping the ante for those being baited into divulging their critical information, and for those fighting the problem.
And Sundermeier says that means anti-spammers and those in the anti-virus community are increasingly working with law enforcement.
''There's definitely going to be a lot of migration between the anti-virus industry and law enforcement and the FBI,'' he adds. ''We saw this start with Microsoft putting a bounty on hackers' head. We saw the arrest of the guy who wrote the Blaster variant. You'll see a lot more collaboration between anti-virus and law enforcement.''
And with people's life savings or livelihoods on the line, there's more pressure on the security community to be swift and sure in their work.
''It's kind of sad, but there's a new reality to it,'' says Sundermeier. ''Not only do we feel more important but it's a lot of pressure and added stress on us to turn around these virus signatures. If we have code for a new variant of Sobig... now we're talking about people's livelihood and huge financial loss. It's more stressful.''