Study: Virus Attacks Up But Infections Hold Steady

Last year more -- and more dangerous -- viruses raced across the Internet than ever, according to a new study.

The good news is that while more companies were infected last year than in 2002, the growth in infections is actually lower than in recent years.

''I think it's a good news/bad news thing,'' says Larry Bridwell, a content security programs manager with ICSA Labs, a division of TruSecure, a risk management company based in Herndon, Va. ''The bad news is that we're seeing more and more viruses, and they're more dangerous than ever before. The good news is that we're doing things to mitigate against that risk.''

The 9th Annual ICSA Labs Virus Prevalence Survey, which collected data from more than 300 medium and large businesses and government agencies, shows that the flood of virus attacks on corporate and consumer networks is increasing at a torrential rate. The survey shows that 88 percent of respondents think that malicious code is 'somewhat worse or much worse' than 2002, with only 12 percent stating the situation was 'the same or better' in 2003.

And the numbers back that up.

The approximately 300 companies surveyed reported 2.7 million virus encounters in all of 2003. That translates into 201 virus encounters for every 1,000 machines every month. And those encounters brought on 108 infections for every 1,000 machines every month.

The survey also shows that the infection rate is flattening. From 1996 through 2000, there was a 12 percent increase in infections every year. However, between 2001 and 2003, that infection rate only increased by 2 percent or 3 percent each year.

''Due diligence has obviously been helping,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security and anti-virus company. ''People are starting to make a clear association between the cost of doing business and the interruptions that viruses cause. They're realizing that if they have to send users home because the network is down or if clients can't access their Web site, the cost is dramatic.... They're taking more steps to protect themselves.''

Bridwell, who worked on the survey, says the number of encounters is dramatic when you consider that every encounter means that an IT worker had to do something to ward off trouble.

''An encounter means that they had to deal in some way with the virus,'' says Bridwell. ''Maybe they had to block something or filter an email attachment. Maybe a salesman got a virus on his laptop and it didn't infect the network but it had to be cleaned up.

''We're seeing a spike in how much companies have to defend against,'' he adds.

And Bridwell says the survey also shows that the viruses rolling across the Internet are more dangerous than ever.

''These viruses are designed to attack specific vulnerabilities in networks and operating systems,'' says Bridwell. ''They're also being designed to spread faster and they're more complex. They have SMTP engines and they're carrying backdoor Trojans.''

That increase in sophistication means that when a company gets it, they're more frequently getting hit really hard.

The survey shows that 92 of more than 300 respondents reported virus disasters in 2003, an increase of 15 percent over 2002. For an event to qualify as a virus disaster, there must be 25 or more PCs or servers infected at the same time with the same virus, or a virus incident causing significant damage or monetary loss to the company.

The report also shows that malicious code is costing organizations lots of money. In 2003, disaster recovery costs increased by 23 percent to almost $100,000 per organization per event.

Carole Theriault, a security consultant with Sophos, Inc., an anti-virus and anti-spam company with its U.S. base in Lynnfield, Mass., says a large part of the danger comes from the quickening pace at which viruses are being released and the lightning-fast rate at which they're traveling across the Internet -- and across corporate networks.

''The new threat is the sheer amount of traffic coming in,'' says Theriault. ''Last August, Sophos was receiving 400,000 copies of Sobig at its gateway. We have lots of bandwidth and we could handle lots of traffic, but it still slowed us down. It's like a 100,000 people trying to get into Wal-Mart at the same time.''

Theriault points to MyDoom, Netsky-D and Sober-C as examples of big viruses that travel fast, creating a lot of havoc in their wake.

But Bridwell also says that most of last year's virus trouble could have been nipped in the bud by simply stopping executable attachments from entering a network.

''What this says is that the virus writers are doing a better job of writing viruses and fooling people into wanting to click on the attachments,'' says Bridwell. ''We need to filter out those attachments because they're spoofing the sender's address. They're making it look like the email came from the user's own company. Let's remember that a lot of end users have only been using computers for eight, 10 or 15 years, and there's a lot of education still to be done to understand what the dangers are, and what the risks are.''
