Bugbear and SoBig are top viruses so far in 2003

The Bugbear and SoBig viruses top a list of the most frequently occurring viruses of 2003, according to a report by antivirus...

The Bugbear and SoBig viruses top a list of the most frequently occurring viruses of 2003.

A total of 3,855 new viruses were introduced in the first half of this year, according to a report by antivirus company Sophos, an increase of 17.5% over the same time last year.

The growth of the internet, coupled with the wider availability of virus-writing tools, is driving this increase, said Sophos senior security analyst Chris Belthoff.

Many of the virus authors appear to be operating in countries that do not have antivirus laws, he added.

More than half of the viruses that Sophos tracked in 2003 appear to have emerged from Eastern Europe or the Pacific Rim.

"These people are probably of a mindset that they're untouchable under the law," he said.

A greater number of viruses, however, does not necessarily translate into a greater headache for network managers, according to one user.

"From a corporate standpoint, the greatest concern that I have is not so much a new virus that's based on an existing virus, it's a new virus using an exploit that, up until now, has not been widely attacked," said Rob Buchwald, a security manager with a manufacturers of plumbing supplies.

2003 has seen its fair share of new exploits, including Bugbear and SoBig, which respectively accounted for more than 14% and 18% of the inquiries to Sophos's technical support department through June of this year.

"The Bugbear virus was a pretty complicated virus in terms of what it did and the methods it used to spread," said Belthoff.

Bugbear would change its appearance, which made it hard for antivirus software suppliers to identify it, and it also appeared to target specific companies. "A lot of things in the Bugbear virus were pretty malicious," he said.

SoBig also represents a new direction for virus makers, said Mark Sunner, the chief technical officer of e-mail security company MessageLabs.

"We're now seeing virus technology used by the spam community," he said.

SoBig installs a trojan-type virus on any infected machine that could, eventually, be used as a spam relay point, Sunner said.

Infected machines are "effectively waiting for the spammer to come along and connect to them and use the machines for whatever they want", he explained.

The percentage of virus-infected e-mail intercepted by MessageLabs' software had increased by 13.6% in the past month, Sunner said.

Sophos declared Avril Lavigne the "virus celebrity of the year so far", thanks to the appearance of two variations of the Avril virus on the company's top ten list.

The virus contains a wide range of attachments with names like "AvrilSmiles.exe", prompting the many fans of Lavigne's music to launch the virus.

Avril accounted for more than 5% of Sophos's customer inquiries.

The top ten viruses on Sophos's list were, Bugbear-B, SoBig-C, Klez-H, SoBig-B, SoBig-A, Avril-B, Bugbear-A, Avril-A, Fizzer-A and Yaha-E.

Robert McMillian writes for IDG News Service


Read more on IT risk management