The year 2004 has been the year of the computer virus. As many as 30 virus outbreaks marked the year, a record-high when compared to previous years, says a study conducted by anti-virus specialist Trend Micro.
The first quarter alerts, numbering 12 in all, proved to be the highest ever reported in any given quarter in a three-year period range. The estimated average is only five outbreaks a quarter, says the study.
The number of alerts for the first few months of the year usually represents more than a third of the total outbreaks for the whole year. In the case of 2004, however, the fraction actually inches closer to 45 per cent.
This is primarily due to the aftermath of the 'war of the worms' between different variants of BAGLE, MYDOOM, and NETSKY, which tried to outdo each other in latching onto hapless user's terminals as well as eliminating traces of the competition in system memory, says the Trend Micro study.
Virus outbreaks in 2004
Trend Micro registers a total of 30 virus outbreaks for 2004, 28 are medium-risk alerts, and two are high-risk alerts (WORM_NETSKY.C and WORM_SASSER.B).
The mass-mailing worm programs BAGLE, MYDOOM and NETSKY caused a majority of the virus outbreaks for 2004.
- The BAGLE worm caused 15 outbreaks, while NETSKY caused 7 and MYDOOM, 3.
- As observed for the past three years, majority of virus outbreaks usually occur in the first quarter. The year 2004 registers a record-high of 12 virus outbreaks in the first quarter alone. The alerts for first and second quarters of 2004 are mostly an offshoot of the "BAGLE-MYDOOM-NETSKY war."
- The SASSER network worm, discovered on April 30, 2004, caused a high-risk alert by exploiting the Windows LSASS vulnerability (MS04-011). It rapidly spread across the globe a mere 17 days after the patch for the said vulnerability was made available, heightening the daunting prospect of a zero-day scenario.
- The aggressive clampdown on authors of malicious worm programs that led to the arrest of the SASSER worm author on May 8, 2004 helped lessen the successive virus outbreaks that ravaged the first and second quarters of the year. As a result, June 2004 registered zero alerts.
- The months of September and December turns in the least number of virus outbreak incidence in a three-year period range. September consistently turns in zero alerts.
The month of December has also been outbreak-free in 2002 and 2003. As of this writing, the year 2004 registers one December virus outbreak for the mass-mailer WORM_ZAFI.D (discovered: December 14, 2004).
The month of December was outbreak-free in 2002 and 2003, but this year has been marred by the release of WORM_ZAFI.D on December 14, 2004.
These worms actually simply took off where previous mass-mailers of 2003 such as MIMAIL and SOBIG left off, using run-of-the-mill spamming techniques to propagate, proving that e-mail is still the most effective propagation conduit.
These worms all commonly employ social engineering techniques to extend reach and maximize distribution potential, says Trend Micro.
Certain variants of the BAGLE and MYDOOM worms also arrive as zipped file attachments that require passwords (which are also given in the same e-mail message). This routine makes analysis and detection of the worm sample more difficult but it impedes easy infection of systems.
Surprisingly, however, these worms still manage to infect, meaning that some users are willing to go to great lengths to open a zipped file attachment that requires a password, with seemingly no awareness of basic virus routines.
The total number of infections recorded by the Trend Micro World Tracking Center (WTC) has been steadily growing every year. This year, WTC recorded a total of 37,822,805 infections, up by almost 8 per cent from 2003's 35,102,232 recorded infections.
More from rediff