March Virus Madness Strains IT Managers

March was a stressful month for IT and security managers as they struggled to keep up with the roaring torrent of new viruses hitting as often as three or four times a day.

Industry analysts say high-tech managers have been under great strain in the past month or two as they worked feverishly to keep their networks bug free. The Netsky and Bagle virus families were mostly to blame, with nearly 50 variants between them hitting the wild.

''We've never seen anything quite like this,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''The war between these two viruses is quite significant... There was a synergy in these two viruses hitting at the same time. It became an issue of pride and the war broke out.''

That war of viruses has meant that variants have appeared, rolling through the wild, nearly on top of each other. Multiple variants have even hit on the same day. And since each variant is different enough to warrant an update in detection systems and anti-virus software, each variant has called for an emergency update. That has kept the anti-virus community and IT and security managers hopping.

''What's keeping this going is that the actual pool of compromised machines is so great,'' says Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio. ''They're using those machines, and they'll use them until the pool is closed. What's worrisome is that other spammers will see this success, and will try the same methods.''

Sundermeier also notes that while it's not totally unheard of, it's rather unusual for a virus, especially two at the same time, to rack up so many variants. The Netsky virus is up to an R variant, and Bagle is up to V. If both viruses keep going, which analysts say they undoubtedly will, they'll move into double letter range. Once a virus has run its course through the alphabet, new variants will receive names such as Bagle.AA or Netsky.AB.

''A huge part of the problem here is that the variants continue to be successful,'' says Sundermeier. ''IT professionals always have to be on alert, and so do we. Every successful variant requires an emergency update... It used to be that you were fine with a daily update. We're posting two, three or four updates in a day, and that kind of strains things.

''You're only as good as your last update,'' he adds.

The Netsky and Bagle viruses not only made the month of March crazy in the virus community, they actually defined it.

Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass., reported today that the two virus families made up nine out of the top 10 virus rankings for March. MyDoom-A slipped into the tenth spot.

Sophos ranked the top nine viruses as: Netsky-D, Netsky-B, Netsky-C, Bagle-C, Netsky-J, Bagle-E, Netsky-P, Bagle-H and Bagle-J.

The top three Netsky variants racked up a large percentage of the virus-related problems this past month. Netsky-D accounted for 3.2 percent of all reports, while Netsky-B accounted for 12.3 percent and Netsky-C accounted for 11.7 percent.

''The Netsky author wins the dubious accolade of the month's biggest virus, accounting for almost 60 percent of all reports to Sophos, but the biggest losers are the innocent computer users who have been caught in the crossfire of the Netsky/Bagle spat,'' says Carole Theriault, security consultant, Sophos.
