A Look Into The Viruses That Caused Havoc In 2003
by Berislav Kucan - Tuesday, 23 December 2003.
How come there are so many infections caused by worms that don't offer anything new (the same old propagation tricks, using the same vulnerabilities)?

Graham Cluley: Too many companies are failing to block unwanted executable content at the email gateway. A strict policy filter can weed out dangerous content and prevent new viruses from arriving via email. Furthermore, too many users are falling for the old confidence trick of "here's a sexy file, why not run it?"
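An added example, not part of the interview or any vendor's product: a minimal version of the gateway policy filter Cluley describes, built on Python's standard `email` package. The attachment names, extension list, sender addresses and the fake executable payload are all constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions a strict gateway policy rejects regardless of the declared MIME type
# (assumed list; a real deployment would tune it to its own policy).
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}

def build_lure(filename: str, payload: bytes) -> bytes:
    """Constructed sample: a worm-style lure carrying one attachment (not from the article)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "here's a sexy file"
    msg.set_content("Check this out!")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()

def attachment_verdicts(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy would block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Every dotted suffix is checked, so 'photo.jpg.exe' is caught by 'exe'.
        suffixes = {s.lower() for s in name.split(".")[1:]}
        if suffixes & BLOCKED_EXTENSIONS:
            verdicts.append((name, "blocked extension"))
            continue
        # Extension-independent check: a DOS/Windows executable starts with 'MZ',
        # so renaming the file does not get it past the gateway.
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"MZ"):
            verdicts.append((name, "executable magic bytes"))
    return verdicts

# Constructed sample payloads: a fake PE header and harmless text.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 12
PLAIN_TEXT = b"quarterly numbers"

if __name__ == "__main__":
    for fname, data in [("photo.jpg.exe", FAKE_PE), ("invoice.txt", FAKE_PE),
                        ("notes.txt", PLAIN_TEXT)]:
        print(fname, attachment_verdicts(build_lure(fname, data)))
```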

David Perry: Email is the main propagation method for viruses today, and has been since the arrival of Melissa in 1999. E-mail makes a good medium for viruses, being almost universally used by all computer users. Note that the email virus of today is a very different animal from the ones we saw last century. In 1999 and 2000, most email viruses were restricted to only being valid in Microsoft Outlook and Outlook Express, while today's email worms carry their own SMTP engines and will work in any machine regardless of the email platform used.

There is an important distinction between ZOO viruses and viruses in the wild (ITW). Most of the really high level virus writers are loath to face legal problems, and do not deploy their viruses into the wild. Rather, they will email copies of their viruses directly to virus researchers. The writers who release viruses into the wild, on the other hand, tend to be less experienced programmers, and are frequently characterized as 'script kiddies'. In general the vast majority of viruses are very derivative of previous viruses, which is both easier for the virus writer, and easier for the antivirus protection effort. We are not looking forward to more innovative viruses, but we spend a lot of time and money getting ready for them.

Fernando de la Cuadra: There is a really important factor that affects all computers. You can upgrade the system, you can install as many security barriers as you can, but the most dangerous element will never be removed - the users' index finger. It's the finger that double clicks on the dangerous elements, clicks on the links, opens the mails... If the companies do not train the users, old threats will carry on spreading.

Besides this, there is another important thing - the network administrators don't upgrade their systems on a timely basis. There are lots of causes for this lack of updating, but they should realize that this is a big problem. Websites such as Help Net Security are doing a great job in this respect. If all the administrators took a weekly look, just once a week, security would improve.

Denis Zenkin: I agree that during this year we saw several examples of global outbreaks caused by malware using the "good old" tricks of primitive social engineering (Swen, Sobig). It is really hard to say why exactly this happened. However, we believe this is because of the new Internet users, who are more aware of malware sneaking through security breaches rather than social engineering.

Mikko H. Hypponen: Because users don't patch their machines. And they never learn anything, ever.

Nick Galea: Because customers are not deploying technologies that focus on detecting the method used by virus writers. They are using signature-based products that are easy to fool time and time again, using the same tricks.

When taking a look at malware, what do you expect from the year 2004?

Graham Cluley: We will see more Windows viruses and worms making a big impact. We will see more evidence of virus writers and spammers working in co-operation, and more internet worms. Everyone should ensure all their PCs are properly secured for a high level of protection.

David Perry: I expect more development on the breaking trends in virus code (pun intended), these being hybrid attacks (the so-called 'blended threat'), network worms (these are particularly pernicious, but much harder to write -- so there will be fewer of them, but more to be feared) and advances in chat (IM, IRC) based trojans.
