Fernando de la Cuadra: The year began with SQLSlammer, a really fast infector. It only collapses MS SQL Server, but the speed when infecting servers was really incredible. It was a very important milestone for AV manufacturers because most of them cannot detect the code with their obsolete technologies. The Blaster virus attacked in August, once again using system vulnerability, and having fast propagation. Both viruses are, from my point of view, the biggest infectors appeared in 2003, but there is a really important infector in 2003, that appeared a long time ago: Klez.I virus. Since its discovery, it is always on the top virus lists.

Denis Zenkin: Undoubtedly the major deplorable surprise on the virus scene this year was high proliferation of the "flash"-type network worms: Slammer and Lovesan. This implies the real start of a new era of malware creation and protection: traditional anti-virus tools are no longer enough to protect a workplace against worms, but they should be definitely strengthened with firewalls to ensure maximum security. Another disturbing trend is of course the situation with security patches. The speed they are released and the way they are distributed is not sufficient.

Mikko H. Hypponen:From my perspective, these were the top five issues:

• Slammer: single largest attack against the internet ever
• Sobig.F: single largest email worm ever
• Microsoft buying RAV and entering the AV business
• New York blackout
• Spammers starting to use viruses

Nick Galea: E-mail viruses were again at the forefront of IT news this year - particularly with viruses like Mimail and its variants, which attempted to steal confidential information from the compromised computers. Other special occurrences include SoBig, its variants and Bugbear.B, which spoofed the sender email address to make the infected email look legitimate and the Blaster worm, which exploited a known Windows vulnerability in order to disseminate.




How come there are so many infections caused by worms that don't offer anything new (the same old propagation tricks, using the same vulnerabilities)?

Graham Cluley: Too many companies are failing to block unwanted executable content at the email gateway. A strict policy filter can weed out dangerous content and avoid new viruses from arriving via email. Furthermore, too many users are falling for the old confidence trick of "here's a sexy file, why not run it?"

David Perry: Email is the main propagation method for viruses today, and has been since the arrival of Melissa in 1999. E-mail makes a good medium for viruses, being almost universally used by all computer users. Note that the email virus of today is a very different animal from the ones we saw last century. In 1999 and 2000, most email viruses were restricted to only being valid in Microsoft Outlook and Outlook Express, while today's email worms carry their own SMTP engines and will work in any machine regardless of the email platform used.