Nimda the most annoying virus so far: report

Internet bugs Sircam and Nimda were the year’s most lingering, aggravating e-threats, while the much-hyped Code Red only registered a blip, according to one anti-virus software vendor.

The report, which tallied the calls made by network administrators to the helpdesk of the Wakefield, Mass.-based Sophos Inc. during 2001, found that September’s Nimda worm accounted for 27.3 per cent of calls, followed by the Sircam virus at 20.3 per cent. The top five was rounded out by the lesser-known Magistr, Hybris and Apology viruses, which accounted for 12 per cent, 6.2 per cent and 3.8 per cent of help requests respectively.

“In the case of Nimda it was such a problem because the virus spread in multiple ways – via e-mail, infected Web sites and network shares, so this was a triple threat in a way. It just spread so fast it took the industry’s breath away. I would be surprised if anything were to overtake Nimda before the end of the year, but I say that with some trepidation because we don’t want to tempt fate,” said David Hughes, the North American president of Sophos.

The Code Red worm, which grabbed national headlines for several days in mid-July, received less than two per cent of helpdesk queries, and did not even place in the Sophos top 10 – possibly due to the very level of press it received, said Hughes.

“That incident received an enormous amount of hype and it may have been that all of the focus that governmental and industry officials brought to it paid off by limiting its spread somewhat. If you look at the hits on Microsoft’s Web site, the number of people that downloaded the patches (to block Code Red) suggest that all the publicity did have a very beneficial effect in reducing its spread,” Hughes said.

Rick Broadhead, a Toronto-based Internet consultant and co-author of Get A Digital Life: An Internet Reality Check, agreed that the brief but intense hype around Code Red gave companies a much-needed heads-up.

“Because of the ominous warnings . . . everyone was on edge waiting for something to happen and it didn’t. I think this is just evidence of the fact that we’ve learned over time how to implement emergency preparedness measures when this type of a threat becomes real. We’ve had enough of these threats that organizations now take them seriously. Just like a bomb threat – you know what you need to do and you do it,” Broadhead said.

Sophos also observed this year that viruses were more aggressive in the way they spread themselves, Hughes said.

“At the beginning it was quite common for viruses or worms to spread via entries in one’s Outlook name and address book, then we started to see viruses and worms that were spreading via their own SMTP routines. So I would say that the threshold seems to be advanced each year by virus writers. Still, most are primitive, but I would say there are a growing number of more sophisticated and more virulent viruses,” Hughes said.

As e-threats go, 2001 saw several other firsts that were interesting, if not entirely surprising, Hughes said. These included the first viruses that were able to attack instant messaging platforms; Lindose, the first virus to infect both Windows and Linux operating systems; and Sadmind, a Unix worm that demonstrated that systems other than Microsoft's can be vulnerable.

Although mindful of hyping coming threats, Hughes said that it’s likely that virus writers will continue to push the envelope in the coming year.

“I think we’ll see viruses that spread more quickly and broadly. This year was definitely the year of the e-mail-aware worms, and I certainly think that will continue in the coming year. One might also think that there could be more political motives for writing viruses in the coming year, given the current world situation. I certainly hope that that’s not the case, but it’s something we all have to be alert to,” he said.

To keep networks safe, there are three key areas that companies should look at, Hughes said. The first is preventative technology, the second is safe computing practices, and the third has to do with the education of users and employees.

“With respect to safe computing practices, it’s really important that companies implement the security patches that are issued by Microsoft, or whoever their infrastructure vendors happen to be. The Badtrans-B virus that’s currently spreading very rapidly in Europe exploits vulnerabilities that Microsoft alerted people to in the end of March of this year, so people who implemented that patch earlier would have been saved a lot of trouble,” Hughes said.

After years of Internet watching, Broadhead is philosophical about viruses, noting that “just like every year there is a major hurricane, every year it seems that we have a major virus that we have to deal with, and I’m sure that in 2002 there’s going to be another one.”

“I think that viruses, like hurricanes, are just something you have to get used to – it’s a given risk when you’re on the Internet. But I don’t think we should get complacent and assume that we know how to deal with these viruses, because what we’re seeing is that they become more and more malicious – just when you think it can’t get any worse along comes a virus that we’ve never seen before.”

Rick Broadhead is at http://www.rickbroadhead.com

Sophos is at http://www.sophos.com.