Virus attacks: The bad news gets worse
Remember the "Love" bug of May 2000? MessageLabs, a British e-mail filtering application service provider, was the organization that took the lead in stopping the bug and also named it. The firm scans more than 2 million e-mails daily from e-mail control centers in London and Amsterdam, and it has just gone live with a New York center.
MessageLabs’ Virus Report for 2000 showed that a virus was detected every 3 minutes in 2000, a ten-fold increase from 1999. If that weren’t enough, MessageLabs’ January 2001 data is starting to roll in, and it shows the trend continuing. By the third of the month, more viruses were caught than for the entire month of January in 2000. While one virus was found in 1,500 e-mails during the year 2000, that ratio has risen to 1 in 400 so far this year.
Mark Sunner, CTO for MessageLabs, finds that, contrary to popular belief, it is becoming ever easier to create and distribute nastier viruses with less and less expertise. Contributing factors include the pervasiveness of Microsoft Outlook and the easy availability of VBScript development tools. Another problem is that software vendors, pressured by tight release dates and interoperability requirements, sometimes fail to consider security during the coding process and ignore security issues when conducting program reviews (for example, failing to check for buffer overflow holes in routines).
If the future holds more sophisticated, harder-to-identify, and faster-migrating hostile code, what’s a company to do?
Luckily, there’s no shortage of virus information, updates, and fixes to assist vulnerable virus recipients. Gear your protective procedures to your company’s size and security assets.
Large, enterprise-level organizations with dedicated security staff and integrated network, authentication, and platform protection, backed up with security policies, will likely have the regimen in place to rigorously scan incoming and outgoing e-mail. Consider using more than one vendor’s virus protection products to increase scanning effectiveness, as do MessageLabs and CleanMail. New viruses are being developed so quickly and are migrating so rapidly that one vendor's product isn't enough to catch all incoming threats. The marginal increase in protection from running multiple vendors' software may be worth the investment to meet protection goals. Filtering algorithms, centrally executed in sequential fashion, can be installed without vendor software conflicts.
Mid-sized firms, as well as multi-office and multi-national companies without a dedicated security staff, should consider an e-mail security services provider. Conducting frequent virus signature file updates will help, but may not measure up to new threats coming in 2001. Mid-sized firms normally are at a resource and budget point where e-mail security service providers, which generally charge by e-mail volume, offer one of the best options for very high-level protection. If outsourcing costs are too high for the security budget, an e-mail security awareness program added to current in-house virus-scanning methods will significantly aid in protection.
Small organizations, fortunately not as visible as larger corporations, remain perhaps the most vulnerable to e-mail attack due to lack of internal security resources and limited budgets. These organizations should consider using a managed security services provider such as MyCIO.com or Trend Micro.
No matter the size of your company, it is open to the threats identified in the MessageLabs report. Your firm’s security depends on adequate e-mail protection.
Additional resources:
Symantec Antivirus Research Center
Dr. Solomon's Virus Central
Stiller Research Virus Information
Joe Wells' Wild Lists - Viruses in the wild
McAfee Virus Pages
Sophos Virus Information Page
Computer Associates Virus Information Center
Trend Micro Virus Encyclopedia
AVP Virus Encyclopedia
Dr. Goslar is principal security analyst and founder of E-PHD, LLC – a security research and analysis firm. A cyber-investigator and former law enforcement software engineering officer, he can be reached at Comments@E-PHD.COM.