Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Virus Writing on the Increase – Sasser Worm the Major Irritant of 2004, But Netsky Worms Dominate Reports

  • 30 July, 2004 14:59

<p>Sophos charts virus activity for first six months of 2004</p>
<p>A report published by Sophos, a world leader in protecting businesses against viruses and spam, reveals that the number of new viruses being written is increasing. In total, Sophos has detected and protected against 4,677 new viruses in the first six months of 2004, up 21% on the same period last year.</p>
<p>The Sasser worm accounted for more than a quarter of all viruses reported to Sophos so far this year, even though the worm only first appeared in May.</p>
<p>Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms, which has wreaked havoc across the internet from mid-February. This war produced six of the most damaging viruses of the year so far, with Netsky-P proving to be the most prevalent. The good news for computer users was the May arrest of Sven Jaschan, the German teenager who confessed to authoring both the Sasser and Netsky worms.</p>
<p>For the first six months of 2004, the top ten viruses (as recorded by Sophos's global network of virus monitoring stations) are as follows, with the most frequently occurring virus at number one:</p>
<p>1. W32/Sasser (Sasser worm) 26.1%
2. W32/Netsky-P (Netsky variant) 21.4%
3. W32/Netsky-B (Netsky variant) 11.0%
4. W32/Netsky-D (Netsky variant) 6.8%
5. W32/MyDoom-A (MyDoom worm) 4.4%
6. W32/Zafi-B (Zafi variant) 4.0%
7. W32/Netsky-Z (Netsky variant) 3.1%
8. W32/Netsky-C (Netsky variant) 2.4%
9. W32/Sober-C (Sober variant) 1.5%
10. W32/Bagle-A (Bagle worm) 1.2%</p>
<p>Others 18.1%</p>
<p>"Following in the footsteps of last year's hard-hitting Blaster worm, Sasser exploited a critical vulnerability in Microsoft's operating system in order to spread – this type of worm is proving to be extremely 'successful' as Microsoft is finding it tough to ensure computer users apply patches as soon as the flaws are discovered," said Graham Cluley, senior technology consultant at Sophos. "Sasser may have taken top spot, but six of the biggest viruses of the last six months were all Netsky and Bagle variants – these caused a continued nuisance for PC users the world over as their authors entered into a very public game of virus writing one-upmanship."</p>
<p>"Reassuringly, virus writers haven't had it all their own way so far in 2004. Increased scrutiny from law enforcement agencies and Microsoft's bounty initiative to encourage people to snitch on virus writers, led to a very high profile arrest in Germany. Sven Jaschan, teenage author of the Sasser worm and member of Skynet, the gang responsible for distributing Netsky, confessed in May. The German virus-writing community has been relatively quiet ever since," continued Cluley.</p>
<p>MyDoom, the fifth most damaging virus so far this year, highlights the increasing trend for virus writers to attempt to create zombie armies of possessed PCs. This worm, which first appeared in January, opened a backdoor into infected PCs, allowing hackers to launch distributed denial of service attacks on the websites belonging to Microsoft and SCO.</p>
<p>The sixth most prevalent virus so far this year, the Zafi-B worm, is a prime example of how virus writers can use their malicious code to distribute political messages. This worm called for the Hungarian government to house the homeless and introduce the death penalty against criminals. It continues to be extremely successful in infecting computer users, spreading itself by email and peer-to-peer filesharing systems.</p>
<p>First mobile phone virus discovered:</p>
<p>The Cabir worm, first seen in June, was a proof of concept mobile phone virus. The worm that was written by the virus writing gang 29A, proved that it was possible for a virus to spread via Bluetooth to other compatible mobile phones in the vicinity. The worm posed no threat to mobile phone users as the virus was not released in the wild.</p>
<p>70% of virus activity linked to one man</p>
<p>Sophos has also revealed that 70% of virus activity in the first half of 2004 can be linked to a German teenager. Sven Jaschan, 18, is the self-confessed author of the Netsky and Sasser worms which hit internet users hard in the first six months of the year. Just two of Jaschan's viruses, the infamous Sasser worm and Netsky-P, account for almost 50% of all virus activity seen by Sophos up until the end of June. Counting Jaschan's other released variants of the Netsky worm, the total figure accounts for over 70%.</p>
<p>More arrests:</p>
<p>The first female to be charged with distributing a virus was arrested in February. Kim Vanvaeck, aka 'Gigabyte', suspected author of several viruses including Coconut-A, Sahay-A and Sharp-A, was arrested by Belgian authorities and charged with computer sabotage. If convicted she faces up to three years in prison and fines of up to 100,000 Euros.</p>
<p>In May, Wang Ping-an, a 30-year-old computer engineer was arrested in Taiwan for allegedly writing and distributing a Trojan horse that enabled hackers to steal sensitive information from the island's government computers.</p>
<p>"These arrests have sent a strong message to the virus community that the authorities will not turn a blind eye to criminal computer activity. However, the real deterrent will be tough sentencing. It will be interesting to see what punishments are dished out by the authorities against convicted virus writers and distributors," added Cluley.</p>
<p>Graphics of the above Top Ten virus chart are available at:
http://www.sophos.com/pressoffice/imggallery/topten/#six</p>
<p>About Sophos.
Sophos is a world leading specialist developer of anti-virus and anti-spam software. Sophos is headquartered in the UK and protects all types of organisations, including small- to medium-sized businesses, large corporations, banks, governments and educational institutions against viruses and spam. The company is acclaimed for delivering the highest level of customer satisfaction and protection in the industry. Sophos's products, backed by 24 hour support are sold and supported in more than 150 countries.</p>
<p>Sophos's regional head office for Australia and New Zealand is in Sydney and hosts one of the company's three Computer Virus Research and Development Laboratories to provide global support services.</p>
<p>http://www.sophos.com.au</p>
<p>FOR FURTHER INFORMATION:
Sean Richmond (sean.richmond@sophos.com.au) is available for comment:
+61 2 9409 9100 (tel)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (sophos@gne.com.au)
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place