Galt Global Review

QFS 360

Susceptibility, Virility or Opportunity?
February 25, 2003
By Esme Friesen

Have the intelligence and number of computer viruses grown, have our AV prevention measures declined, or can the sharp increase in numbers simply be attributed to the rise of global Internet use?

According to MessageLabs' VirusEye Review, it is the number of viruses that has grown; the way infection spreads has changed as well.

Since 1999, MessageLabs has been tracking the capture of viruses from the millions of e-mails scanned every day via their global net of control towers, and they have come up with some startling statistics.

In 1999, MessageLabs was capturing an average of one virus per hour. By 2000, the number had risen to one every three minutes, and the current rate of interception is one every 4 seconds! This translates into one virus for each 212 e-mails sent in 2002, which is up from one virus per 380 e-mails in 2001.

The problem is in the source… so is the solution.
Mark Sunner, CTO at MessageLabs, commented in the VirusEye that "Most AV software was developed in the pre-Internet age, when sharing an infected floppy disk was as dangerous as things got. Now more than 90 per cent of viruses are e-mail-borne, spreading across the globe in a matter of minutes."

Most businesses today spend money on anti-virus software, constantly upgrading with the latest signatures, so why is the number of viruses captured rising?

"The source of the virus problem has changed," says Sunner, and so "the first line of defense needs to be positioned at the Internet level…not at the gateway or desktop." "Downloading virus patches amounts to no more than closing the gate after the horse has bolted."

Sunner also advised that scanning at the Internet level could protect users from tomorrow's unknown viruses.

Virus          Count (chart scale 0 - 2,000,000)   First Stopped         Country of Origin
Klez.H-mm      1,879,085                           April 15, 2002        USA
YahaE-mm       721,219                             June 15, 2002         India
BugBear-mm     460,219                             September 29, 2002    Malaysia
SirCam.A-mm    88,310                              July 17, 2002         USA
Klez.E-mm      41,476                              November 8, 2000      Panama
Magistr.B-mm   23,115                              September 4, 2000     UK
Yaha.C-mm      18,573                              May 10, 2002          Spain
Hybris.B-mm    15,682                              November 8, 2000      Brazil
Magistr.A-mm   1,181                               March 14, 2001        Spain
Nimda.E-mm     4,906                               October 29, 2002      South Korea

What about these viruses?
All of the above viruses are mass-mail viruses. Some have the ability to spread via e-mail messages, usually replicating by automatically mailing themselves to other individuals in the victim's address book. Others have more sophisticated "worm" or "Trojan horse" capabilities.

While there have been few new viruses captured by MessageLabs in 2002, "the levels of virus activity have never been higher," states Sunner. Despite effective AV solutions, the rate of proliferation of a new virus remains high.

Worms are small pieces of software that use computer networks and security holes to replicate. A copy of the worm then scans the network for other machines with the specific security hole and copies itself to the other machines, spreading from there.

Trojans are computer programs that claim to do one thing but instead harm your system when you run them; for example, one may erase your hard drive. They have no way to replicate on their own.


Bugbear factfile

Bugbear is a mass-mailing virus with five key payload elements:

  • It contains a trojan which enables it to log key strokes, thus the virus could potentially compromise otherwise secure transactions and passwords.
  • Bugbear can open up a back-door port, allowing access to hackers.
  • The virus will attempt to disable popular AV software and firewalls which might be in place, rendering detection on a desktop ineffective.
  • Bugbear has its own SMTP engine; it can distribute e-mails from the recipient's account, mass-mailing potentially confidential information.
  • The virus spreads across local networks via network shares and doesn't check to ascertain what shared components it is connected to. On shared computers, the virus will drop a copy into the startup directory.

    Source: MessageLabs VirusEye Quarterly Review, Autumn 2002
