Could Arrests Slow Torrent of Virus Attacks?

After weathering a storm of viruses last month, security analysts are hoping that June isn't hit nearly as hard.

But their hopes aren't very high.

''Sasser and Netsky are still spreading into these early days in June and we expect that to continue for a while,'' says Graham Cluley, a senior consultant with Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. ''It's hard to say how June is looking, but there definitely are viruses out there for us to deal with already.''

IT administrators and home users alike mainly were tormented by two viruses last month -- Sasser and Netsky. Both viruses developed large extended families with variant after variant hitting the wild and raising its own style of havoc.

''I think May was quite bad and it's really because of the two viruses,'' says Cluley. ''There was the Sasser worm that came out at the end of April and it hit some well-known organizations. It hit the U.K. Coast Guard, the German Post Office and an Australian bank. It got bad enough at the bank that they said they were resorting to pen and paper.''

Security analysts are hopeful that the recent arrest of the alleged author of the Sasser worms means that the attacks will wind down.

Sven Jaschan, an 18-year-old German, was picked up in Rotenburg, North Germany by authorities on Friday, May 7, and allegedly admitted to being the author of the fast-spreading Sasser worm, according to Reuters news service. Jaschan reportedly is claiming that he also authored the Netsky worms, but authorities are dubious.

Regardless of who wrote the Netsky family of worms, they have been highly destructive.

The P, D, B and Z variants of Netsky are still taking up four out of the five top spots on eSecurityPlanet's list of Most Dangerous Malware.

Netsky-P, which has been roaming the wild since March 22, still is tormenting networks and the IT administrators who protect them. Central Command Inc., an anti-virus company based in Medina, Ohio, ranks Netsky-P as the most prolific and dangerous virus threat over the past month. It accounts for 36.5 percent of all the bugs roaming the Internet, according to Central Command's calculations.

And the Netsky author, who has used social engineering tricks from the beginning, now has another trick up his sleeve.

Reports are coming in that the worm now is being disguised as a Harry Potter game.

Sophos is reporting that thousands of copies of Netsky-P have been spotted in the last few days. It's a definite uptick in submissions.

Sophos analysts report that Netsky-P owes some of its continued 'success' to its ability to disguise itself as a Harry Potter computer game when spreading on file-sharing systems. With 'Harry Potter and the Prisoner of Azkaban' opening worldwide this week, Potter fans -- eager to play the latest games -- seem to be dropping their guard.

Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va., says he is hopeful that the arrests made last month will have an effect on the number of viruses, worms and Trojans that hit the wild this month.

''What was good about May was that we saw several arrests and that definitely made an impact on the malicious code scene,'' says Dunham. ''That puts the fear in some people to lay low or at least not do as much as they would have otherwise. We've seen a drop in activity related to the worm wars. These guys were feeling invulnerable and that seems to have changed.''
