http://www.reuters.com/news_article.jhtml?type=internetnews&StoryID=478221 By Elinor Mills Abreu December 26, 2001 SAN FRANCISCO (Reuters) - If security experts are calling 2001 the worst year for computer viruses, and December the worst month, how bad will things get in 2002? Experts are predicting that viruses and their cousins, the self-propagating worms, will find new and even more nasty ways to attack computer systems, possibly even hitting mobile devices, pocket PCs and smart phones in the coming year. Computer users should expect to see more viruses that try to dupe them into taking action that will execute the malicious code, said Vincent Weafer, senior director of Symantec Corp.'s security response center. Virus writers have learned that it's easy to trick people into opening attachments by telling recipients they are photos of Russian tennis star Anna Kournikova or labeling them "naked wife." Other virus ruses included misleading people into believing that by clicking on an attachment they could participate in a survey about the events in Afghanistan, or indicating that it was an antivirus software update from an established vendor. While such gimmicks were popular, the most damaging virus didn't spread via e-mail. At an estimated $2.6 billion in damages and 300,000 computers infected, Code Red was the biggest virus this year. It spread by exploiting a known vulnerability in servers running Microsoft Corp.'s Internet Information Server Web software. 'BLENDED THREAT' This year was the year of the "blended threat" virus, featuring multiple attack modes such as Nimda, which spread via e-mails and infected Web pages and servers. The more methods of attack, the faster and farther a worm can spread, experts say. "You've traditionally had hacker tools in one corner and virus writers in another corner," said Weafer. "Now they've come together." Vincent Gullotto, senior research director of Network Associates Inc.'s antivirus response team, also warned of more attacks that lure computer users to visit infected Web pages. In such attacks, victims receive e-mails that include Web addresses that, when visited, download malicious code to the computer. "You don't have to double click on anything. There's no attachment," Gullotto said. Because devices like the Microsoft Corp. Pocket PC 2002 and Nokia Communicator can be plugged into a desktop computer to download information, they are susceptible to some of the same computer viruses and worms that infect PCs, said Mikko Hypponen, manager of anti-virus research for Finnish-based F-Secure Corp. "The next wave of attacks are not going to come from the PC, but from wireless viruses," George Samenuk, chief executive of Network Associates, told Reuters in an interview recently. "Less than 5 percent of wireless devices have anti-virus software, while wireless networks are really taking hold," Samenuk said. 'SCRIPTS' AN EVEN GREATER CONCERN Another Network Associates researcher said experts are even more concerned with scripts, or malicious pieces of code, that are transferred between mobile phones via the instant messaging system. "There are things that can be done today in which you can send a script and it can shut the phone off," said Vincent Gullotto. But the mobile virus threat was played down by Sophos Anti-Virus senior technical consultant, Graham Cluley. "Is there a mobile threat? One year after the first warning we haven't seen a single mobile device virus in the wild," he said. Cluley added that Sophos has a team looking at mobile viruses, but for 2002 he advised that corporate clients spend their anti-virus budgets in other areas with higher risks. As of early December, corporations had spent an estimated $12.3 billion to clean up virus damage for the year, according to Computer Economics, a Carlsbad, California, firm that analyzes the economic impact of viruses and other computer security threats. After Code Red, the second most-costly virus, at an estimated $1 billion, was an e-mail worm dubbed SirCam that exported random documents from infected machines, putting the privacy of computer users at risk. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Dec 27 2001 - 09:51:21 PST