2003 is becoming a virus writers playground warns Sophos

NEWS Virus writing and high-profile infections have been on the rise this year, with significant activity over the past couple of months in particular. Figures from Sophos reveal the first six months of 2003 have seen a 17.5 per cent increase in virus activity over the same period last year - and this shows no sign of abating. Bugbear and Klez have done much to boost the figures, but Sobig variants and viruses which have employed specific social engineering, such as the Avril worm, have also added to the tide of malicious attacks. Bugbear has so far been the biggest irritant of 2003, accounting for 11.6 per cent of all virus reports, according to Sophos. Graham Cluley, senior technology consultant at Sophos, said: "Bugbear.B entered the frame late, but nevertheless it has generated more enquiries than any other virus in the last six months. By morphing its contents every time it forwards itself - and by spoofing the email address of the person who sent the virus - Bugbear-B has been the most prevalent and irritating virus so far this year." Bugbear.B represented a coming of age, of sorts, for virus writing. It was evidence of the tendency to rely on blended threats which offer more than one means of infection - typically targeting network shares, email, internet relay chat and peer-to-peer services. Increased methods of attack increase the likelihood of infection. As a result, eight of the viruses in the top 10 for the past six months have more than one infection method, reminding IT managers that they are now fighting the battle against viruses on more than one front. These findings support the assertions of most other vendors in the antivirus field, where there is a belief that virus writers are becoming more and more advanced with every attack. Last week Gene Hodges, president of Network Associates told silicon.com: "10 years ago we were talking about virus writers and hackers as being 14-year-old boys with no girlfriend. Now they are 24-year-old programmers with no girlfriend. But in that time they have become far more advanced in their attacks." The full top 10 looks like this (figures in brackets represent percentage share of total virus reports, as measured by Sophos): 1. W32/Bugbear-B (11.6 per cent)
2. W32/Sobig-C (9.7 per cent)
3. W32/Klez-H (8.4 per cent)
4. W32/Sobig-B (5.3 per cent)
5. W32/Sobig-A (3.3 per cent)
6. W32/Avril-B (3.2 per cent)
7. W32/Bugbear-A (2.5 per cent)
8=. W32/Avril-A (2.3 per cent)
8=. W32/Fizzer-A (2.3 per cent)
10. W32/Yaha-E (1.8 per cent)
Others 49.6 per cent.