The growth of malicious code slowed between July 2001 and the end of last year, but new viruses pose a more constant threat and last longer than in previous years, a new survey of companies has found.
The Virus Prevalence Survey was conducted by ICSA Labs, an independent division of IT security specialist TruSecure. ICSA Labs gathered information from 306 medium-size and large companies and government agencies. The purpose of the survey was to understand trends on the prevalence of viruses and malicious code on computer networks. The survey covered more than 900,000 computer desktops, servers and gateways.
More than 1.2 million incidents involving viruses or malicious code were recorded during the course of the survey, which translates to 113 virus encounters a month for every 1,000 machines on a network during the 18 months covered by the survey.
The rate of infections has grown at a rate of about 12 virus encounters per 1000 machines each year since the survey began in 1996. However, between 2001 and 2002, that growth was considerably slower than in previous years, increasing by only two encounters per 1,000 machines, the survey found.
ICSA also noted a decrease in the number of companies reporting a virus "disaster" during the survey period. Eighty percent said they had experienced a virus disaster, down from 84% in ICSA's last Virus Prevalance survey. ICSA attributed that decrease, in part, to the absence of a massive virus outbreak along the lines of the Code Red or Klez viruses in previous years.
Viruses were a more constant threat in the period covered by the survey than in previous years. The average rate of infections per month was higher than in previous years and the threat of incidents remained at a higher level throughout the period covered by the survey, ICSA said.
Despite the slow down in the growth of new viruses and the absence of a Code Red-style outbreak, the viruses that did circulate appeared to have more staying power than those in previous years, according to ICSA.
The prevalence of mass mailing viruses and internet worms account for the increase in durability. Those virus types are harder to remove, even after virus definitions are available.
As a result, new variants of the Klez worm linger on networks rather than spiking shortly after they are introduced, then quickly dying out, ICSA said.
The cost of cleaning up after a virus infection also rose in the period covered by the survey. On average, 23 staff days were required for virus disaster recovery, up from 20 days in ICSA's last Virus Prevalence survey. The average cost to companies was $81,000 (£51,000) for companies responding to the latest survey compared with $69,000 (£44,000) in the last survey.
The world may just be witnessing the transition from an older generation of viruses and worms to a new one. New virus types, expanded connectivity and the spread of wireless devices mean that infection rates will likely grow in the future, ICSA said.
To protect themselves, corporations should adopt holistic protection philosophies that supplement antivirus technology with e-mail gateway filtering and controls on desktop applications and Web browsers.
Complementing identity-based antivirus screening with more flexible heuristic antivirus technology will also help defend against the next generation of Internet viruses.