Trying to name the worst viruses of any given year is always a difficult task, but in a year characterised by increasingly "intelligent" viruses and worms, the task is all the harder.
Judging by most vendor reports, the three viruses that will most likely head the year-end lists will be SirCam, BadTrans and Nimda. SirCam has topped most lists for more than four months and will perhaps only be challenged by the recent BadTrans worm that spread through the Internet earlier this month.
A year-end list released by Sophos earlier this month, perhaps prematurely, puts SirCam at the top of the list with the Nimda worm following a close second. According to the report, these two viruses accounted for over 50% of all virus reports received.
One notable omission from most virus lists is Code Red, which was hyped to such an extent that even the FBI warned of an Internet meltdown. Despite its fearsome reputation, Code Red failed to make much of an impact, even if some security experts argue that it is harder to assess its effect because the worm was not spread only through e-mail.
Equally notable is the fact that the Kakworm appears in most top 10 lists for the third year in a row. Despite being discovered for the first time at the end of 1999, the worm is still the best illustration that most users fail to observe even the most basic of security precautions. The Kakworm came in at number seven on the Sophos list and number 10 on the MessageLabs list.
Magistr, first discovered in March, also makes it onto most top 10 lists as does Hybris, a worm better known as SnowWhite.
The worm that will undoubtedly appear in the top three by year-end is the recently released BadTrans worm. Sophos puts the worm at the top of its most recent monthly list, as do Kaspersky Labs and Symantec. BadTrans was very similar to the Nimda worm released in early April: it exploited a known vulnerability in Outlook that allowed the worm to spread when a user simply clicked on a message, without needing to open an attachment.
The past year was also one that was characterised by increasingly "intelligent" worms that often used multiple methods of spreading. The best example of this new trend is the Nimda worm. A report issued by Symantec in Nimda's wake noted that it spreads using four methodologies. The report also highlighted the fact that in many cases the worm required no human interaction to spread itself, making "these new worm strains ... harder to detect and faster spreading than previous worms".
"Nimda's anonymous author only unleashed his creation in September, yet it still represented more than a quarter of all reports to the Sophos helpdesk," says Graham Cluley, senior technology consultant at Sophos Anti-Virus. "Nimda was effective because it could infect computers using a variety of techniques. It is likely that we will see more multiple-pronged attacks in the future."
Cluley says Sophos detected 11 160 new viruses, worms and Trojans during the year, and its anti-virus laboratories produced more than 30 detection routines a day. For most companies it was the sheer volume of attacks that brought them to their knees, with IT administrators reporting thousands of attacks every hour.
In March, the first cross-platform Windows and Linux worm, known as Lindose, was released, and in May, a Unix worm known as Sadmind proved that not only Microsoft products are open to infection. It was also the year for instant messaging platform viruses, with FunnyFile and Choke cautioning users that it is not only e-mail that spreads viruses.
Virus writers also came under the spotlight this year with some being sentenced while others still await trial. Jan de Wit, found guilty of writing the Anna Kournikova worm, was sentenced to 150 hours of community service in the Netherlands. In the US, David Smith is still awaiting sentencing two years after pleading guilty to writing the Melissa virus and causing $80 million worth of damage.

