
Virus attacks increase in severity

By Stephen Whitford, ITWeb contributor
Johannesburg, 22 Dec 2003

While the number of virus attacks decreased in the last year, the scale and the impact they have had on the Internet have increased significantly, says security software developer, Kaspersky Labs.

To date in 2003, there have been nine major virus outbreaks and 26 less significant ones, which is lower than 2002's figure of 12 major outbreaks and 34 minor incidents.

There were two global outbreaks in 2003, which were the biggest in the history of the Internet. Kaspersky says the importance of the two outbreaks lies in the fact that they were not caused by classic e-mail worms, but by worms modified for the Internet, which spread as network data packets.

In the first outbreak in January, the Internet worm Slammer (Helkern), which exploited a vulnerability in the Microsoft SQL Server in order to replicate, infected millions of computers throughout the world and increased network traffic by between 40% and 80%.

The worm attacked through ports 1433 and 1434, lodging itself in the memory of the machine as opposed to replicating itself on disk. Slammer became the first file-less Internet worm, which fully demonstrated the capabilities of flashworms.

The second outbreak was the Lovesan (Blaster) worm, which used a Windows security breach to propagate. However, in contrast to Slammer, Lovesan used a breach in the RPC DCOM service, which is present on every computer working under Windows 2000 and Windows XP. This meant that the majority of Internet users at the time were exposed to the worm.

January also saw the appearance of the first worm in the Sobig family, which was responsible for regular outbreaks. Version Sobig.f broke all records, becoming the most widespread e-mail worm in the history of the Internet. At the peak of the outbreak in August, Sobig.f could be found in every 20th e-mail message.

This particular malicious program was especially dangerous, with the virus creating an infected network of computers in order to carry out distributed denial of service attacks on random Web sites. The infected network of computers was also intended to act as a set of proxy servers for distributing spam.

Kaspersky Labs predicts the number of Internet worms relative to classic e-mail worms will increase again in 2004, with Internet worms set to become the dominant form of malicious code. The organisation says the trend highlights the utter necessity of installing anti-virus protection and firewalls on every computer and corporate network.

The security software developer says the discovery of breaches in operating systems and applications is also a cause for great concern. In previous years, vulnerabilities were known about for a long time and patches already existed for the breaches, but in 2003 this time frame collapsed to a matter of weeks.

For example, the breach in the Microsoft SQL Server was known about for more than six months prior to Slammer's attack. The instructions on how to exploit the breach were published in several places on the Internet. However, Lovesan appeared only 26 days after a patch was issued to secure the RPC DCOM vulnerability in MS Windows.

A new trend in 2003 was the increasing appearance of a new class of Trojan programs, intended for illegal installation of proxy servers. This was the first and most noticeable sign of the appearance of mixed threats, a cross between viruses and spam.

Computers infected by Trojans were used by spammers for the distribution of unsolicited e-mail, without the owner of the computer being aware of such abuse. Spammers also participated in several major outbreaks where the initial replication of the malicious software used Sobig spamming technology.

Looking ahead, Kaspersky Labs says malicious software - including retroviruses (viruses that have inbuilt protection against anti-virus programs and firewalls) - will appear increasingly, with retroviruses being modified to delete information security products from computers.
