It's that time of year again: Get ready for 2001 "Top 10" lists. In one of the first to come out this year, antivirus company Sophos PLC released its annual list of the top 10 viruses for 2001, with the Nimda worm taking honors as the most destructive worm or virus of the year.
Nimda accounted for 27 percent of all reports received by Sophos' help desk during 2001, with the Sircam virus making up 20.3 percent of all reports for the year, according to Graham Cluley, senior technology consultant at Sophos.
In its report, Sophos uses the term "virus" to cover viruses, worms and Trojan horses. While viruses and worms are both destructive or disruptive programs, the main difference between the two is that the distinct computer code in a worm can spread unaided, whereas a virus needs a program or an end user's aid to perpetuate itself. A Trojan horse carries its malicious or harmful code inside programming or data that appears to be harmless and, once inside a PC hard drive, can take control and do the damage it is intended to do.
Nimda and Sircam made up almost half of all virus attacks reported to Sophos, according to Cluley. "So far this year, we've detected 11,160 new viruses, worms and Trojan horses, which just about brings the virus total to 70,000. In general, there are about 40 new viruses a day, 1,200 every month. About 30 to 40 of those viruses break into what we call 'the wild' each month and cause serious problems," Cluley said.
At number three was Magistr with 12 percent of all reported infections, followed by Hybris with 6.2 percent, Apology with 3.8 percent, VBSWG-X with 3.6 percent, Kakworm with 3.1 percent, SST-A with 2 percent and Badtrans with 1.8 percent. Navidad rounded out the list at number 10 with 1.8 percent, Cluley said. The remaining 18.2 percent of reported infections came from a variety of smaller viruses, he said.
Sophos has offices in the U.K., U.S., Australia, France, Germany, Italy, Japan and Singapore and as a result has a good idea of which viruses are attacking where, Cluley said.
When asked if the list may be premature, in that the current number nine, Internet worm Badtrans, may wreak havoc in December, Cluley conceded that the list is released at the end of November every year so that various magazines can include the list in their publications.
"Badtrans does appear to have legs and it is the most common worm, or virus to use the term generally, at the moment. But at the same time, it is not as big as Nimda and Sircam were at the same stages of their emergence (on the Internet)," Cluley said.
Cluley pointed out that no viruses attacked PDAs (personal digital assistants) or mobile phones in 2001, despite a lot of worry in the media to the contrary. Also in 2001, the most dangerous worm of the year, Nimda, could itself have been largely avoided.
"Nimda's anonymous author only unleashed his creation in September, yet it still represented more than a quarter of reports to the Sophos help desk. The reason Nimda was so effective is because it infected computers using a variety of techniques," Cluley said.
"It is likely that we will see more multiple-pronged attacks in the future. But what was in some ways most worrying about Nimda was that Microsoft (Corp.) had realized that Nimda was out there, affecting Outlook and other Microsoft programs and they had released a patch in March. Since Nimda didn't really take hold until September, people are clearly not paying attention," Cluley said.
Cluley warned that the creation and spread of viruses, worms and Trojan horses will only proliferate next year, because virus-generating tool kits freely available over the Internet are making them increasingly easy to write. The tool kits are written so that it is relatively easy for even amateur crackers to write their own worms.
Furthermore, since more and more home users are signing up for always-on, high-speed Internet access such as ADSL (asymmetric digital subscriber line), there will be a large increase in the number of home users who find their computers have been attacked, Cluley said.
"Home users, like everyone else using Microsoft's Outlook and Outlook Express e-mail programs, or even Microsoft server software, should be signed up to receive their security updates. Also, home users may want to consider getting a firewall for their PCs at home," Cluley said.