Could Arrests Slow Torrent of Virus Attacks?
After weathering a storm of viruses last month, security analysts are hoping that June isn't hit nearly as hard. But they're not getting their hopes too high.
"Sasser and Netsky are still spreading into these early days in June and we expect that to continue for a while," says Graham Cluley, a senior consultant with Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. "It's hard to say how June is looking, but there definitely are viruses out there for us to deal with already."
IT administrators and home users alike mainly were tormented by two viruses last month -- Sasser and Netsky. Both viruses developed large extended families with variant after variant hitting the wild and raising its own style of havoc.
Security analysts are hopeful that the recent arrest of the alleged author of the Sasser worms means that the attacks will wind down.
Sven Jaschan, an 18-year-old German, was picked up in Rotenburg, North Germany by authorities on Friday, May 7, and allegedly admitted to being the author of the fast-spreading Sasser worm, according to Reuters news service. Jaschan reportedly is claiming that he also authored the Netsky worms, but authorities are dubious.
Regardless of who wrote the Netsky family of worms, they have been highly destructive.
The P, D, B and Z variants of Netsky are still taking up four out of the five top spots on eSecurityPlanet's list of Most Dangerous Malware.
Netsky-P, which has been roaming the wild since March 22, is still tormenting networks and the IT administrators who protect them. Central Command Inc., an anti-virus company based in Medina, Ohio, ranks Netsky-P as the most prolific and dangerous virus threat over the past month. It accounts for 36.5 percent of all the bugs roaming the Internet, according to Central Command's calculations.
And the Netsky author, who has used social engineering tricks from the beginning, now has another trick up his sleeve.
Reports are coming in that the worm now is being disguised as a Harry Potter game.
Sophos is reporting that thousands of copies of Netsky-P have been spotted in the last few days. It's a definite uptick in submissions.
Sophos analysts report that Netsky-P owes some of its continued 'success' to its ability to disguise itself as a Harry Potter computer game when spreading on file-sharing systems. With 'Harry Potter and the Prisoner of Azkaban' opening worldwide this week, Potter fans -- eager to play the latest games -- seem to be dropping their guard.
Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va., says he is hopeful that the arrests made last month will have an effect on the number of viruses, worms and Trojans that hit the wild this month.
"What was good about May was that we saw several arrests and that definitely made an impact on the malicious code scene," says Dunham. "That puts the fear in some people to lay low or at least not do as much as they would have otherwise. We've seen a drop in activity related to the worm wars. These guys were feeling invulnerable and that seems to have changed."