2003 ‘Worst Year Ever’ for Viruses, Worms

In no other year have computer viruses and worms wreaked so much havoc and caused so much damage as in this past year, according to security analysts.

And the stakes are only getting higher as we go forward.

“This has been the worst ever,” says Ken Dunham, director of malicious code at Reston, Va.-based iDefense Inc. “Without a doubt, malicious code came to a massive head in 2003… we saw a huge impact of malicious code on infrastructure. We had seen worms cause some disruption before, but mostly they’d been an annoyance. Now infrastructure is being impacted.”

In 2003, viruses and worms not only caused billions of dollars in damages and clean-up costs. They went so far as to shake the Internet’s backbone. They slowed down travel, halted 911 calls, and knocked out ATM machines. From the Slammer attack in January to the MSBlaster and Sobig family that attacked in August, it was one rough year.

“This year was definitely the busiest one on record for us,” says Chris Belthoff, a senior analyst at Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. “We started with Slammer in January and then we had BugBear in June. At the time, people thought that was pretty bad. But then the major event of the year was the one-two punch of Blaster and Sobig in August. They were very different — one spread machine to machine and the other was a mass-mailing worm — but both very damaging.”

“When the infrastructure was impacted, it was significant because it causes problems for how our country operates,” says Dunham. “And it shows how vulnerable we are. Imagine an attack that affects ATMs right before Christmas. There could be huge cause for concern.”

Dunham says the year started off with a bang — a malicious bang — when Slammer was released in the wild, delaying airline flights, bringing down a 911 system and stressing the Internet’s backbone. Everyone thought worms had hit a new high in destructive capability. But that was early in the year. Much worse was still to come.

August was the worst month on record for virus and worm attacks, according to several anti-virus companies.

MS Blaster hit the wild with a vengeance, exploiting a flaw with Microsoft Windows’ Remote Procedure Call (RPC) process, which controls activities such as file sharing. The flaw enabled the attacker to gain full access to the system. The vulnerability itself, which affects Windows NT, Windows 2000 and Windows XP machines, affects both servers and desktops, expanding the reach of any exploit that takes advantage of it.

What made it a major problem was that the vulnerability affected servers and desktops in such popular operating systems that there were potentially millions of vulnerable computers out there.

But then along came the Sobig family of viruses.

The Sobig family hit the Internet hard, flooding email servers and inboxes. Corporate networks staggered under the barrage with network access slowing to a crawl, and some email systems being taken temporarily offline to stop the siege.

Sobig-F has been named the fastest spreading virus in the industry’s history. The latest report estimates that Sobig has caused 36.1 billion in damages.

“Sobig-F unquestionably wins the dubious title of ‘Worm of the year’,” says Belthoff. “It spread more ferociously than any virus ever seen before, swamping email inboxes. Some companies reported seeing hundreds of thousands of infected emails every day.”

Change in Motive Ups the Ante

Analysts say what has struck them the most is the change in motive for the virus authors. Virus writers basically created the malicious code to make a name for themselves in the underground hacker world. The bigger the chaos they created, the bigger their infamy.

But this year, analysts saw a disturbing change.

“Viruses and worms are being written now for financial gain,” says Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio. “They’re prodding users, or phishing, for credit card information, bank account information, Social Security numbers. The worms are better disguised because they’ve upped the ante since they’re writing for criminal purposes now… It makes it a lot harder to fight.”

Dunham notes that this is a significant progression in the malicious code world.

“It’s not just people who play around anymore,” he adds. “This is creating a market for organized crime. Credit cards. Passwords. They’re looking for anything they can use to dupe the victim.”

And all the analysts agree that there’s more of this to come.

“There’s a lot of new tactics, new procedures,” says Sundermeier. “We’re not talking about the worst case scenario being that you have to reformat your hard drive. You could lose your livelihood. You could lose your bank information, credit card information, Social Security numbers. It’s a lot more severe now.”

Sharon Gaudin
Sharon Gaudin is an eSecurity Planet contributor.
