Virus infections on the rise

October 2004


Fastest average response time awarded to BitDefender

The number of computers infected by viruses has grown this year. This alarming fact is largely due to the great number of new viruses/variants released in the wild in the first semester of 2004.

During the reference period, BitDefender Labs identified 11,650 new viruses or variants of viruses, almost double the number identified in the 2nd half of 2003 (6,430), and over seven times more than the 1,650 identified during the 1st semester of 2003.



BitDefender analysts have compiled a top ten of the worst threats encountered in the first half of 2004. The ranking largely reflects the fight between various versions of Netsky and Bagle, as well as the enormous success these strains have had. The virus writers (VXers) behind Netsky and Bagle have been very prolific: the Netsky strain now comprises 30 variants (A through AD), and the Bagle strain comprises 47 variants (A through AU).


BitDefender's Evil Top 10 (first half 2004)

1. Win32.Netsky.P@mm
2. Backdoor.SDBot.Gen
3. Win32.Netsky.D@mm
4. Win32.Bagle.Z@mm
5. Win32.Netsky.B@mm
6. Win32.Bagle.AA@mm
7. Win32.Zafi.B@mm
8. Win32.Netsky.Q@mm
9. Win32.Netsky.AA@mm
10. Win32.Mydoom.A@mm



A possible cause for the high rate of infections and the large number of viruses released this year is the trend towards building more dangerous viruses. It seems social engineering (a key component in the spreading of mass mailers) has its limits, so VXers are turning to exploits to help spread their "creations." This trend is easily explainable, since worms require no user intervention to spread. A significant number of exploitable holes in MS Windows were found and left unpatched by a sizeable portion of the user base in the first semester of 2004, leading to the Sasser epidemic, among other things.

The trend is easily discernible. While 75% of the viruses identified in 2003 were mass mailers, the proportion has declined to 65%, with the worms taking up the rest of the chart.



"The threats faced by Internet users have grown and diversified. With the proliferation of worms, Trojans and other malware we're seeing, applying common sense rules like 'patch quickly' and 'don't open spooky attachments' is just not enough to keep systems protected. Unfortunately, it would seem that our work is more necessary than ever," stated BitDefender CTO Bogdan Dumitru.


In terms of malware threat reaction, the German independent anti-virus authority AV-Test (www.av-test.org) recently issued an analysis at the Virus Bulletin 2004 International Conference which clearly points out BitDefender as having the fastest average response time in the last 8 months (Jan 1, 2004 until Sep 1, 2004):

Less than 2 hours: none

1. BitDefender (Less than 4 hours)
2. Kaspersky (Less than 4 hours)
3. AntiVir (Less than 6 hours)
4. Dr. Web (Less than 6 hours)
5. F-Secure (Less than 6 hours)
6. Panda (Less than 6 hours)
7. RAV (Less than 6 hours)
8. Quickheal (Less than 8 hours)
9. Sophos (Less than 8 hours)
10. AVG (Less than 10 hours)
11. Command (Less than 10 hours)
12. F-Prot (Less than 10 hours)
13. Norman (Less than 10 hours)
14. Trend Micro (Less than 10 hours)
15. VirusBuster (Less than 10 hours)
16. Avast (Less than 12 hours)
17. eTrust (Less than 12 hours)
18. Ikarus (Less than 14 hours)
19. McAfee (Less than 14 hours)
20. eTrust with VET engine (Less than 16 hours)
21. Symantec (Less than 16 hours)

Overall response time: about 10 hours

Another significant trend is the increasing spread of "bots," either autonomous or networked. These make up a large part of infections lately, and are seeing wider use in illegal activities, because they include functions like password and Credit Card Number (CCN) collection and the possibility to launch Distributed Denial of Service (DDoS) attacks. Second place in the BitDefender Evil Top 10 for the first half of 2004 goes, therefore, to Backdoor.SDBot.Gen, which does not represent a bot *per se*, but is instead the generic name under which BitDefender scanners recognize the backdoor components of an ever-increasing number of related bots.

Anti-virus manufacturers have repeatedly issued warnings to computer users worldwide to increase their awareness with regard to the danger of opening suspicious file attachments. Nevertheless, despite the emergence of bots and high profile worms like Sasser, mass mailers thoroughly outpaced everything else in terms of sheer numbers, so 1st place in the Evil Top 10 goes to Netsky.P.

