X
Tech

2001: Year of the virus

Viruses such as the Homepage e-mail worm and the earlier Kournikova worm do not represent a major advance in virus writing and are simple to avoid, yet the number of infections is on the rise.
Written by Will Knight, Contributor
Viruses such as yesterday's Homepage e-mail worm and the earlier Kournikova worm do not represent a major advance in virus writing and are simple to avoid, yet the number of infections is on the rise. One virus scanning company has already trapped more e-mail viruses so far this year than in the whole of 2000.

UNITED KINGDOM (ZDNet UK) - While it is impossible to pinpoint the exact number of viruses that are sent around the world each year, the evidence points to rising incidents. And the increase is attributed in part to major outbreaks including the Kournikova worm and yesterday's Homepage outbreak.

By the end of Wednesday, the number of viruses trapped this year by the MessageLabs SkyScan virus scanning service in 2001 passed 185,000, which exceeds the mark reached in the whole of 2000. Yesterday's Homepage worm gave the figures a significant boost.

These figures may be slightly misleading because of the growth in customers--and subsequent number of e-mails scanned--by MessageLabs. But the ratio of e-mails that contain viruses has also increased, from roughly one in 1,500 e-mails last year to one in every 1,000 today.

"We are seeing a steady increase," said Natacha Staley, a consultant with antivirus firm Sophos. "Around a year ago we would probably expect to 1,000 new viruses each month, nowadays we aren't surprised to see 1,200. However, the vast majority of these are not in the wild."

Homepage represents the second major virus outbreak of 2001. Antivirus experts say that the worm spread with even greater speed than February's Kournikova worm, the other major e-mail germ of the year.

Although 2000 saw the infamous Love Bug virus, widely acknowledged as the most successful virus ever, MessageLab's figures suggest that this year has already proved more successful for spreading malicious computer code.

This trend is worrying given that neither Kournikova nor Homepage represent a major technical advance from the LoveBug, itself a relatively simple virus, while at the same time antivirus technology is getting ever more sophisticated and widespread media coverage means that users are more aware of the risk than ever before.

According to experts, there is no one reason for this increase. "I think this is a combination of the things," said Alex Shipp, an antivirus researcher at MessageLabs. "We are all online, we are all mostly using the same software (Windows and Outlook), and it is now very easy to write a virus. Put these three factors together, and you get the current situation."

Other experts agree that a more proactive approach is needed. Gaham Cluley, head of research at Sophos antivirus, said the Homepage worm showed that users are still not cautious about clicking on attachments.

Jack Clark, European product manager for Network Associates, the computer security company that produces McAfee antivirus software, said it is also up to administrators to block certain kinds of malicious attachment. "They need to stop VBS attachments for a start," he said.

The simplicity of modern virus writing is also a factor. Virus-writing toolkits now allow any computer user to create a brand new, personalized and potentially devastating virus using simple drag and drop tools and both Kournikova and Homepage were written using the variants of the same toolkit known as "OnTheFly".

Raimund Genes, vice president of European sales and marketing for Trend Mico, said such toolkits have made it possible for virus writers to make viruses more virulent than ever. "What we have seen this year is that nearly all viruses are using a mass-mailing feature," he said, adding that it is no accident that Homepage, Kournikova and the LoveBug were all designed to send themselves to every address they could find.

Some experts believe there is a need for more sophisticated solutions. Network Associates' Clark noted that many solutions only detect and stop viruses once they have been identified, which if often too late.

Editorial standards