March's Bug Story: Old Worms Maintain Grip - InformationWeek
3/31/2005
03:21 PM

March's Bug Story: Old Worms Maintain Grip

Older worms and viruses continued to dominate March's list of Top 10 baddest apples, security firms say.

Older worms and viruses continued to dominate March's list of Top 10 baddest apples, said security firms Thursday, in part because users don't update their anti-virus defenses, but also because 2005's entries have been too weak to unseat the old guard.

According to the list produced monthly by Sophos, the Zafi.d worm led the Top 10 for March by accounting for 45.1 percent of all the malicious traffic the U.K.-based security vendor monitored. Netsky.p came in second with 21 percent of the month's total. Rounding out the top 10 were Zafi.b, Sober.k, Netsky.d, Netsky.z, Netsky.b, MyDoom.o, Netsky.c, and Netsky.q.

"The older worms continue to spread insidiously," said Graham Cluley, a senior technology consultant with Sophos. "They're just not dying off, and it's because there are a lot of people who haven't protected their computers.

"Just because your new PC came with anti-virus software, you mustn't think that that's the end of the story. Those trial versions typically expire in a few weeks, and even during the free-use period, they're usually out of date, since they're built on old disk images."

Zafi.d, for instance, first appeared in mid-December 2004, and has held the top spot in Sophos' Top 10 since then. All but one of the ten worms or viruses, in fact, are from 2004.

"Think of Typhoid Mary, spreading disease. Unprotected PCs are like that. Similarly, poxed PCs continue to spread these diseases," said Cluley.

"It's really worrying that some of these worms are over a year old. With so many thousands of viruses out there, what are the chances of these PCs being protected against the newest threats, like spyware?"

Another reason the senior citizens of malware remain potent is that there haven't been any real replacements of late. "The older worms continue to hold their spots because there haven't been any new, large outbreaks yet this year," said Cluley.

In other end-of-the-month reports, managed e-mail provider Postini noted that it saw a slight dip in the number of malicious messages during March. "Only" 87 percent of the mail traffic Postini processed was spam or virus-carrying messages, the Redwood City, Calif.-based company said; that was a 1 percent drop from February.

The firm also tracked a larger decrease of 8 percent in the number of directory harvest attacks in March. So-called DHAs are brute-force attempts by spammers to guess addresses by bombarding mail servers in the hopes of spotting the legitimate addresses. Those are added to the spammer's database for later blitzing.
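A defender-side sketch of spotting the directory harvest pattern described above, added here as an example and not taken from Postini or the article. The log format, addresses, and thresholds are constructed assumptions: a client is flagged when it tries many distinct recipients and most are rejected as unknown users (SMTP 550).

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified, hypothetical format (not any real MTA's).
SAMPLE_LOG = """\
2005-03-14T09:00:01 client=203.0.113.7 rcpt=<aaron@example.com> status=550
2005-03-14T09:00:01 client=203.0.113.7 rcpt=<abby@example.com> status=550
2005-03-14T09:00:02 client=203.0.113.7 rcpt=<adam@example.com> status=550
2005-03-14T09:00:02 client=203.0.113.7 rcpt=<alice@example.com> status=250
2005-03-14T09:00:03 client=203.0.113.7 rcpt=<andrew@example.com> status=550
2005-03-14T09:00:03 client=203.0.113.7 rcpt=<anna@example.com> status=550
2005-03-14T09:05:10 client=198.51.100.20 rcpt=<alice@example.com> status=250
2005-03-14T09:05:40 client=198.51.100.20 rcpt=<alcie@example.com> status=550
2005-03-14T09:10:00 client=192.0.2.33 rcpt=<alice@example.com> status=250
2005-03-14T09:10:00 client=192.0.2.33 rcpt=<bob@example.com> status=250
2005-03-14T09:10:01 client=192.0.2.33 rcpt=<carol@example.com> status=250
2005-03-14T09:10:01 client=192.0.2.33 rcpt=<dave@example.com> status=250
2005-03-14T09:10:02 client=192.0.2.33 rcpt=<erin@example.com> status=250
"""

LINE_RE = re.compile(
    r"^\S+ client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]+)> status=(?P<code>\d{3})$"
)

def detect_dha(log_text, min_distinct=5, min_reject_ratio=0.8):
    """Return {client_ip: stats} for clients whose RCPT pattern looks like a DHA."""
    attempts = defaultdict(set)  # ip -> distinct recipients tried
    rejected = defaultdict(set)  # ip -> distinct recipients rejected as unknown (550)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        rcpt = m["rcpt"].lower()
        attempts[m["ip"]].add(rcpt)
        if m["code"] == "550":
            rejected[m["ip"]].add(rcpt)
    flagged = {}
    for ip, tried in attempts.items():
        ratio = len(rejected[ip]) / len(tried)
        # A one-off typo (few recipients) or a bulk sender to valid users (low
        # reject ratio) is not a harvest; both conditions must hold.
        if len(tried) >= min_distinct and ratio >= min_reject_ratio:
            flagged[ip] = {"distinct": len(tried), "rejected": len(rejected[ip]),
                           "ratio": round(ratio, 2)}
    return flagged
```

Flagged clients are candidates for rate limiting or blocking at the mail gateway; the thresholds need tuning against real traffic.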

Postini believed that the downturns were only temporary. "In March, we saw typical fluctuations in spam, virus, and DHA levels," said Andrew Lochart, the director of product marketing at Postini, in a statement. "While the overall trend for the past five years has been a steady increase, we occasionally see small declines from month to month. We foresee no long-term decrease in the amount of spam businesses can expect to receive."

Mail-Filters, a San Mateo, Calif.-based company that OEMs its anti-spam technology, weighed in with its March numbers, which concentrated on phishing attacks.

The volume of phishing messages climbed 17 percent during March, Mail-Filters alleged. (Other data, such as that collected by the Anti-Phishing Working Group, is a month behind, and indicated a small 2 percent increase in the number of phishing campaigns.)

One disturbing pattern that Mail-Filters monitored was a jump in the number of phishing messages sent on weekdays. Previously, phishing volume spikes would show each weekend, indicating consumers as the primary target group. "[There was] a noticeable increase in weekday phishing message attacks aimed at corporate users" during March, said Mail-Filters in a statement.

With March over, some security vendors looked to April, especially April 1, April Fool's Day.

"People should not forget common-sense rules for computing during April Fool's Day," said Mike Murray, the director of vulnerability and exposure research at San Francisco-based nCircle. "Opening email from an unknown source or clicking on attachments can make a computer vulnerable to attacks."

April Fool's Day is particularly troublesome, since millions use e-mail or instant messaging to exchange pranks, often involving files and/or Web site links.
