Virus infections on the rise

21.10.2004
By Computing SA
BitDefender Inc. has announced that the number of computers infected by viruses has grown drastically over the past year. This is largely due to the large number of new viruses or variants released in the wild in the first half of 2004.

According to BitDefender SA MD, Grayford Holton, the BitDefender Labs have identified 11,650 new viruses or variants of viruses this year, almost double the number of viruses or variants identified in the second half of 2003 (6,430), and over seven times more than the 1,650 identified during the first half of 2003.

BitDefender analysts have compiled a top ten of the worst threats encountered in the first half of 2004. The top ten largely reflects the fight between various versions of NetSky and Bagle, as well as the enormous success these strains have had. The virus writers (VXers) behind NetSky and Bagle have been very prolific: the NetSky strain now comprises 30 variants (A through AD), and the Bagle strain comprises 47 variants (A through AU).

A possible cause for the high rate of infections and the large number of viruses released this year is the trend towards building more dangerous viruses. It seems social engineering -- a key component in the spreading of mass mailers -- has its limits, so VXers are turning to exploits to help spread their "creations". This trend is easily explainable, since worms require no user intervention to spread.

"A significant number of exploitable holes in MS Windows were found and left unpatched by a sizeable portion of the user base in the first half of 2004, leading to the Sasser epidemic, among other things," explains Holton. The trend is easily discernible. While 75 percent of the viruses identified in 2003 were mass mailers, the proportion has declined to 65 percent, with the worms taking up the rest of the chart.

"The threats faced by Internet users have grown and diversified. With the proliferation of worms, Trojans and other malware we are seeing, applying common sense rules like "patch quickly" and "do not open spooky attachments" is just not enough to keep systems protected. Unfortunately, it would seem that our work is more necessary than ever," he adds.

Another significant trend is the increasing spread of "bots," either autonomous or networked. These make up a large part of infections lately, and are seeing wider use in illegal activities, because they include functions like password and Credit Card Number (CCN) collection and the possibility to launch Distributed Denial of Service (DDOS) attacks.

Second place in the BitDefender top 10 for the first half of 2004 goes, therefore, to Backdoor.SDBot.Gen, which does not represent a bot per se, but is instead the generic name under which BitDefender scanners recognize the backdoor components of an ever-increasing number of related bots.

Anti-virus manufacturers have repeatedly issued warnings to computer users worldwide to increase their awareness with regard to the danger of opening suspicious file attachments. Nevertheless, despite the emergence of bots and high profile worms like Sasser, mass mailers thoroughly outpaced everything else in terms of sheer numbers, so first place goes to NetSky.P.

Side bar

BitDefender's top 10:

1. Win32.NetSky.P@mm

2. Backdoor.SDBot.Gen

3. Win32.NetSky.D@mm

4. Win32.Bagle.Z@mm

5. Win32.NetSky.B@mm

6. Win32.Bagle.AA@mm

7. Win32.Zafi.B@mm

8. Win32.NetSky.Q@mm

9. Win32.NetSky.AA@mm

10. Win32.MyDoom.A@mm