Study: Virus Attacks Up But Infections Hold Steady
Last year more -- and more dangerous -- viruses raced across the Internet than ever, according to a new study. But there was a glimmer of good news.
The good news is that while more companies were infected last year than in 2002, the growth in infections is actually lower than in recent years.
"I think it's a good news/bad news thing," says Larry Bridwell, a content security programs manager with ICSA Labs, a division of TruSecure, a risk management company based in Herndon, Va. "The bad news is that we're seeing more and more viruses, and they're more dangerous than ever before. The good news is that we're doing things to mitigate against that risk."
The 9th Annual ICSA Labs Virus Prevalence Survey, which collected data from more than 300 medium and large businesses and government agencies, shows that the flood of virus attacks on corporate and consumer networks is increasing at a torrential rate. The survey shows that 88 percent of respondents think that malicious code is 'somewhat worse or much worse' than 2002, with only 12 percent stating the situation was 'the same or better' in 2003.
The approximately 300 companies surveyed reported 2.7 million virus encounters in all of 2003. That translates into 201 virus encounters for every 1,000 machines every month. And those encounters brought on 108 infections for every 1,000 machines every month.
The survey also shows that the infection rate is flattening. From 1996 through 2000, there was a 12 percent increase in infections every year. However, between 2001 and 2003, that infection rate only increased by 2 percent or 3 percent each year.
"Due diligence has obviously been helping," says Ken Dunham, director of malicious code at iDefense, Inc., a security and anti-virus company. "People are starting to make a clear association between the cost of doing business and the interruptions that viruses cause. They're realizing that if they have to send users home because the network is down or if clients can't access their Web site, the cost is dramatic.... They're taking more steps to protect themselves."
Bridwell, who worked on the survey, says the number of encounters is dramatic when you consider that every encounter means that an IT worker had to do something to ward off trouble.
"An encounter means that they had to deal in some way with the virus," says Bridwell. "Maybe they had to block something or filter an email attachment. Maybe a salesman got a virus on his laptop and it didn't infect the network but it had to be cleaned up.
"We're seeing a spike in how much companies have to defend against," he adds.
And Bridwell says the survey also shows that the viruses rolling across the Internet are more dangerous than ever.
"These viruses are designed to attack specific vulnerabilities in networks and operating systems," says Bridwell. "They're also being designed to spread faster and they're more complex. They have SMTP engines and they're carrying backdoor Trojans.
That increase in sophistication means that when a company gets it, they're more frequently getting hit really hard.
The survey shows that 92 of more than 300 respondents reported virus disasters in 2003, an increase of 15 percent over 2002. For an event to qualify as a virus disaster, there must be 25 or more PCs or servers infected at the same time with the same virus, or a virus incident causing significant damage or monetary loss to the company.
The report also shows that malicious code is costing organizations lots of money. In 2003, disaster recovery costs increased by 23 percent to almost $100,000 per organization per event.
Carole Theriault, a security consultant with Sophos, Inc., an anti-virus and anti-spam company with its U.S. base in Lynnfield, Mass., says a large part of the danger comes from the quickening pace at which viruses are being released and the lightning-fast rate at which they're traveling across the Internet -- and across corporate networks.
"The new threat is the sheer amount of traffic coming in," says Theriault. "Last August, Sophos was receiving 400,000 copies of Sobig at its gateway. We have lots of bandwidth and we could handle lots of traffic, but it still slowed us down. It's like 100,000 people trying to get into Wal-Mart at the same time."
Theriault points to MyDoom, Netsky-D and Sober-C as examples of big viruses that travel fast, creating a lot of havoc in their wake.
But Bridwell also says that most of last year's virus trouble could have been nipped in the bud by simply stopping executable attachments from entering a network.
"What this says is that the virus writers are doing a better job of writing viruses and fooling people into wanting to click on the attachments," says Bridwell. "We need to filter out those attachments because they're spoofing the sender's address. They're making it look like the email came from the user's own company. Let's remember that a lot of end users have only been using computers for eight, 10 or 15 years, and there's a lot of education still to be done to understand what the dangers are, and what the risks are."
March 17, 2004