Virus creators target their work
Computer users could be forgiven for thinking that life online got safer in 2005 thanks to the lack of headline-hitting computer viruses.
Over the last 11 months the only viruses to get mainstream media coverage were the Mytob and Zotob worms.
What helped propel Zotob into the headlines was the fact that it managed to infect machines at several large media organisations including CNN and ABCNews and the Financial Times.
In 2004 Symantec recorded 35 of what it designates as Category Three and Four incidents, said Art Wong, head of the anti-virus firm's security response team. The higher the number, the more people infected by a particular bug.
By contrast, he said, 2005 has only seen five of these big hitting viruses.
Code change
The difference is due to a change in those who write viruses, said Mr Wong. Formerly the creators of malicious programs just wanted to spread fast to as many machines as possible.
"Now it's about financial gain not fun."
As a result the last thing a virus writer wants is for his creation to be noticed.
BIGGEST VIRUS FAMILIES
Backdoor - Agobot
Backdoor - Delf
Backdoor - Rbot
Backdoor - SdBot
Backdoor - VB
Trojan - Downloader
Trojan - Dropper
Trojan - PSW.Lmir
Trojan - Spy.Banker
Trojan - StartPage
Trojan - VB
Source: F-Secure
"Instead of huge pandemic worms being launched," he said, "the intent is to launch worms that infect machines without people knowing about them."
This also helps to explain the rise of spyware that attempts to hijack PCs and bombard people with unwanted adverts.
Instead virus writers have started pumping out many variants of their malicious creations in a bid to grab computers they can hijack or to steal
"We've seen a 100% increase in Category 1 and 2 viruses," said Mr Wong.
In total all the victims of all the variants of a virus may add up to as many as those infected by a single outbreak of older viruses, he explained.
But, he added, because there are small numbers of lots of viruses, few penetrate the mainstream media.
As a result, people feel safer even though just as many people are getting caught out. Without regular warnings, many people become complacent and forget basic safe computing.
Growth pattern
Security companies and researchers keep track of viruses by labelling them with letters in alphabetic order. After "z" comes "aa" then "ab" and so on.
There are so many variants of some viruses that they have wrapped round the alphabet three times.
For instance, in late October Finnish security firm F-Secure found and named a "btu" variant of the generic Trojan-Downloader bug. This means that there are more than 2,000 variations of this malicious program.
According to F-Secure there are 11 generic virus families that have racked up a similar number of alternatives.
And the pace that variants appear shows no sign of slowing down.
Security firm Sophos said that it saw 1,685 new virus variants in October 2005 - more than ever before.
Top of the virus charts is a variant of the Netsky.P virus which first appeared in March 2004.
Graham Cluley, senior technology consultant at Sophos, said virus writers were pumping out small numbers of lots of variants to help them handle the amount of data they are harvesting.
"What are you going to do with 200,000 passwords?" he asked. "They cannot handle that amount of data."
Far better for criminals, he said, to target small groups of users and harvest a manageable amount of data.
Sophos had seen customised attacks against employees of specific companies, customers of particular net service firms or simply the top few hundred names on a spam e-mail list.
"If you only send it to 200 people, it's more likely you will infect them for much longer," he said.
By Mark Ward
Technology Correspondent, BBC News website Story from BBC NEWS:
Published: 2005/11/15 09:50:05 GMT
© BBC MMV
Computer users could be forgiven for thinking that life online got safer in 2005 thanks to the lack of headline-hitting computer viruses.
Over the last 11 months the only viruses to get mainstream media coverage were the Mytob and Zotob worms.
What helped propel Zotob into the headlines was the fact that it managed to infect machines at several large media organisations including CNN and ABCNews and the Financial Times.
In 2004 Symantec recorded 35 of what it designates as Category Three and Four incidents, said Art Wong, head of the anti-virus firm's security response team. The higher the number, the more people infected by a particular bug.
By contrast, he said, 2005 has only seen five of these big hitting viruses.
Code change
The difference is due to a change in those who write viruses, said Mr Wong. Formerly the creators of malicious programs just wanted to spread fast to as many machines as possible.
"Now it's about financial gain not fun."
As a result the last thing a virus writer wants is for his creation to be noticed.
BIGGEST VIRUS FAMILIES
Backdoor - Agobot
Backdoor - Delf
Backdoor - Rbot
Backdoor - SdBot
Backdoor - VB
Trojan - Downloader
Trojan - Dropper
Trojan - PSW.Lmir
Trojan - Spy.Banker
Trojan - StartPage
Trojan - VB
Source: F-Secure
"Instead of huge pandemic worms being launched," he said, "the intent is to launch worms that infect machines without people knowing about them."
This also helps to explain the rise of spyware that attempts to hijack PCs and bombard people with unwanted adverts.
Instead virus writers have started pumping out many variants of their malicious creations in a bid to grab computers they can hijack or to steal
"We've seen a 100% increase in Category 1 and 2 viruses," said Mr Wong.
In total all the victims of all the variants of a virus may add up to as many as those infected by a single outbreak of older viruses, he explained.
But, he added, because there are small numbers of lots of viruses, few penetrate the mainstream media.
As a result, people feel safer even though just as many people are getting caught out. Without regular warnings, many people become complacent and forget basic safe computing.
Growth pattern
Security companies and researchers keep track of viruses by labelling them with letters in alphabetic order. After "z" comes "aa" then "ab" and so on.
There are so many variants of some viruses that they have wrapped round the alphabet three times.
For instance, in late October Finnish security firm F-Secure found and named a "btu" variant of the generic Trojan-Downloader bug. This means that there are more than 2,000 variations of this malicious program.
According to F-Secure there are 11 generic virus families that have racked up a similar number of alternatives.
And the pace that variants appear shows no sign of slowing down.
Security firm Sophos said that it saw 1,685 new virus variants in October 2005 - more than ever before.
Top of the virus charts is a variant of the Netsky.P virus which first appeared in March 2004.
Graham Cluley, senior technology consultant at Sophos, said virus writers were pumping out small numbers of lots of variants to help them handle the amount of data they are harvesting.
"What are you going to do with 200,000 passwords?" he asked. "They cannot handle that amount of data."
Far better for criminals, he said, to target small groups of users and harvest a manageable amount of data.
Sophos had seen customised attacks against employees of specific companies, customers of particular net service firms or simply the top few hundred names on a spam e-mail list.
"If you only send it to 200 people, it's more likely you will infect them for much longer," he said.
By Mark Ward
Technology Correspondent, BBC News website Story from BBC NEWS:
Published: 2005/11/15 09:50:05 GMT
© BBC MMV
