Quiet September Lets Security Industry Recharge

Despite only being active for 10 days in the entire month, the Sobig-F virus wreaked enough havoc to retain its place as one of the most destructive viruses for the month of September.

But regardless of Sobig-F and the other viruses active last month, September was fairly quiet in the malicious code world. And after August went down in history as the month with the most virus damage, September gave IT managers and anti-virus experts time to regroup and prepare for the next onslaught.

"With August, we had Blaster and Sobig and Nachi," says Steven Sundermeier, a vice president with anti-virus company Central Command, Inc., based in Medina, Ohio. "September gave everyone a chance to catch up. We're all trying to gear up for the next big virus, whether it's the next Sobig or the Son of Blaster. We're absolutely gearing up for the next big outbreak, and September let us do that."

Two separate anti-virus companies ranked the latest Sobig variant in their infamous lists of the most malicious viruses in the wild.

Central Command put Sobig-F in its Number One spot, noting that it accounted for 67.5 percent of all virus attacks last month even though it was only active until Sep. 10. Sophos, Inc., an anti-virus vendor based in Lynnfield, Mass., put Sobig-F in its fourth spot, behind Gibe-F, Dumaru-A and Mimail-A.

"This shows how powerful Sobig-F was," says Sundermeier. "In just the first 10 days of September it accumulated all of these attacks. If it hadn't been deactivated on Sep. 10, you'd see that 67 percent looking more like 80 percent to 90 percent."

Sobig-F is a mass-mailing worm that can also spread via network shares. Security analysts speculate that the virus caused so much damage because the whole string of Sobig viruses was designed so that each variant built on the inroads made by the previous one. Sobig-E, for example, wormed its way into millions of computers and then left those doors open. Sobig-F went through those already open doors and then went from there.

The author of Sobig-F designed it so it would die out on Sep. 10. That is leading many security analysts to believe that the next variant in the Sobig family will soon be on its way. And if it builds on the malicious success of Sobig-F, analysts say the damage could be even worse.

The Gibe-C worm, also known as Swen, also caused its share of trouble last month.

Central Command ranked it in second place, noting that Gibe-C accounted for 8.6 percent of all virus attacks last month. Sophos, however, gave the virus its top malicious spot, saying it accounted for 23.5 percent of all attacks the company recorded.

Gibe-C played on computer users' fears by disguising itself as a cumulative security patch sent out by Microsoft. The email closely mirrored Microsoft's site and tricked people into downloading another virus.

While Gibe caused some mayhem, many security analysts have been expecting a huge hit. The next variant of Sobig was widely believed to be coming around the 9/11 anniversary. The next Blaster, often referred to as the Son of Blaster, has been lurking just off center stage. But they didn't hit last month.

Some analysts are wondering if virus writers are lying low, waiting for the crush of attention -- both from IT managers moving quickly to patch their systems, and law enforcement moving to quickly lock up and prosecute malicious authors -- to pass.

"My gut tells me they've kind of gone underground for a time," says Dan Woolley, a vice president with Computer Associates. "The guys out there writing bad code have a lot of heat on them and they've gone underground a little. Maybe they'll stay low till Christmas or the new year. This is just my gut feeling."

Sundermeier agrees.

"That may very well be," he says. "Word is getting out that charges will be brought." But Sundermeier doesn't think the virus writers will be lying low for long.
