Virus attacks: The bad news gets worse

Viruses are becoming nastier, and easier to create and to distribute. While one virus was found in 1,500 e-mails during the year 2000, early results this year showed a ratio of 1 in 400.

You’d think that with the growing number of products and services designed to prevent virus attacks, much of the virus flow would have been stanched by the end of 2000. The real story is quite the contrary -- the volume of worms and other e-mail-borne hostile code is reaching unprecedented levels, and that code is becoming more deadly and spreading faster.

Remember the "Love" bug of May 2000? MessageLabs, a British e-mail filtering application service provider, was the organization that both took the lead in stopping the bug and named it. The firm scans more than 2 million e-mails daily from e-mail control centers in London and Amsterdam, and it has just gone live with a New York center.

MessageLabs’ Virus Report for 2000 showed that a virus was detected every 3 minutes in 2000, a ten-fold increase from 1999. If that weren’t enough, MessageLabs’ January 2001 data is starting to roll in, and it shows the trend continuing. By the third of the month, more viruses had been caught than in the entire month of January 2000. While one virus was found in 1,500 e-mails during the year 2000, that ratio has risen to 1 in 400 so far this year.

Mark Sunner, CTO for MessageLabs, finds that, contrary to popular belief, it is becoming ever easier to create and distribute nastier viruses with less and less expertise. Contributing factors include the pervasiveness of Microsoft Outlook and the easy availability of VBScript development tools. Another problem is that software vendors, pressured by tight release dates and interoperability requirements, sometimes fail to consider security during the coding process and ignore security issues when conducting program reviews (for example, failing to check for buffer overflow holes in routines).

If the future holds more sophisticated, harder-to-identify, and faster-migrating hostile code, what’s a company to do? Luckily, there’s no shortage of virus information, updates, and fixes to assist vulnerable virus recipients. Gear your protective procedures to your company’s size and security assets.

Large, enterprise-level organizations with dedicated security staff and integrated network, authentication, and platform protection backed up with security policies will likely have the regimen in place to rigorously scan incoming and outgoing e-mail. Consider using more than one vendor’s virus protection products to increase scanning effectiveness, as do MessageLabs and CleanMail. New viruses are being developed so quickly and are migrating so rapidly that one vendor's product isn't enough to catch all incoming threats. The marginal increase in protection from running multiple vendors' software may be worth the investment to meet protection goals. Filtering algorithms, centrally executed in sequential fashion, can be installed without vendor software conflicts.

Mid-sized firms, as well as multi-office and multi-national companies without a dedicated security staff, should consider an e-mail security services provider. Conducting frequent virus signature file updates will help, but may not measure up to new threats coming in 2001. Mid-sized firms normally are at a resource and budget point where e-mail security service providers -- which generally charge by e-mail volume -- offer one of the best options for very high-level protection. If outsourcing costs are too high for the security budget, an e-mail security awareness program added to current in-house virus-scanning methods will significantly aid in protection.

Small organizations, fortunately not as visible as larger corporations, remain perhaps the most vulnerable to e-mail attack due to lack of internal security resources and limited budgets. These organizations should consider using a managed security services provider such as or Trend Micro.

No matter the size of your company, it is open to the threats identified in the MessageLabs report. Your firm’s security depends on adequate e-mail protection.

Additional resources:

Symantec Antivirus Research Center
Dr. Solomon's Virus Central
Stiller Research Virus Information
Joe Wells' Wild Lists - Viruses in the wild
McAfee Virus Pages
Sophos Virus Information Page
Computer Associates Virus Information Center
Trend Micro Virus Encyclopedia
AVP Virus Encyclopedia

Dr. Goslar is principal security analyst and founder of E-PHD, LLC – a security research and analysis firm. A cyber-investigator and former law enforcement software engineering officer, he can be reached at Comments@E-PHD.COM.