Weather | Sports | Forums | Comics | Classifieds | Calendar | Movies
It's an epidemic on the Internet this year. Viruses and worms are multiplying at record rates, infecting millions of computers and costing billions of dollars to fight.
In December, 300 new malicious codes were found, according to Trend Micro, an antivirus software company. By March, another 1,200 were added. The number in April grew to 1,700. And starting this month, the Sasser worm had four variations within days of its release.
"It's not that there are a lot of new viruses," said Bob Hansmann, director of product marketing at Trend Micro. "It's a matter of variants of a single virus coming out over and over and over."
In fact, letters at the end of a virus' name indicates its version. In some cases the industry has run through the alphabet (virus.a, virus.b, for example) and started doubling up (virus.aa, virus.bb).
"It's not minor changes," Hansmann said. "They are making significant changes, a little faster (releasing them), adding components, changing the kind of payload."
Virus writers are going after more than just the thrill of high-tech vandalism and wreaking havoc for attention. More and more, viruses, worms and other "malware" are looking for information.
Trend Micro estimates that 60 percent of the intruders now are "backdoors," code that bypasses security measures and gives virus writers access to personal information, passwords and other sensitive data.
Tactics also are changing. Opening an e-mail attachment, or simply reading a message, used to be the most common techniques. But Sasser broke new ground.
Sasser simply looks for vulnerable computers, plants itself, then searches for more unprotected PCs. A user didn't have to do anything and probably didn't know until it was too late that the machine was infected. Sasser victims might have trouble accessing the Internet and may suffer system crashes. Microsoft posted a cleaning tool on its site (www.microsoft.com/sasser)
While thousands of viruses and worms are floating around, only a tiny fraction blossom into major outbreaks. Yet security experts say the number of major incidents this year has passed 2003's total.
That's putting more pressure on consumers, businesses and the high-tech industry to protect computers and their networks. It's also a battle where users are always playing catchup.
"Antivirus software is reactive only," said Dave Dockery, who is president of the Tampa Bay Computer Society and who often speaks about security issues. "It's important for people to have virus protection, but you also need to learn what you can and cannot do" with a computer and online.
At a free repair clinic recently in Palm Harbor, Dockery says, volunteers found 12 of 14 computers infected with viruses. Most users at the clinic had current antivirus software and knew they should take precautions. But Dockery says many people are still unaware of basic security.
"They don't know the difference between a firewall and antivirus," he said. "I don't know what it takes. I'm getting more aggressive and looking for different ways of teaching."
Antivirus software finds infections after they've invaded a computer, and firewalls don't block all intruders. Some viruses can even cleverly co-opt some antivirus programs to make it seem as if they are working properly.
"It's almost like having a car," said Dee Liebenstein, group product manager for Symantec Security Response. "You need to maintain it, you need to get an oil change, you need to keep the tire pressure up. We're not at a point where people understand. You need to understand the security of that computer to be safe."
Microsoft frequently gets blamed for security holes in its products, particularly because its Windows operating system, Outlook e-mail and Internet Explorer browser are often the targets for viruses.
The company has vowed to improve security, and several times, including with the Sasser outbreak, Microsoft posted warnings and patches weeks before the viruses appeared.
While users ignored Microsoft, the virus writers took advantage, wrote their codes and released them. Microsoft representatives were not available for comment.
Dockery of the computer society says a year ago he would wait awhile before downloading Microsoft updates and patches to make sure there were no glitches. But no more.
"It's a more dynamic environment," he said. "The viruses and spyware have mutated to new levels of tenacity."
He also recommends occasionally using an online antivirus scan such as Trend Micro's free Housecall (housecall.trendmicro.com/housecall/start_corp.asp), which can act as a second opinion to make sure the system antivirus protection is working properly.
The most important step, experts say, is simply to stay alert.
"The bad guys are always looking for somebody to break into," Symantec's Liebenstein said.
- Dave Gussow can be reached at gussow@sptimes.com or 727 771-4328.
2004 top computer viruses
As reported by Central Command, an antivirus software company
January: Worm/MyDoom.A
February: Worm/MyDoom.A
March: Worm/Netsky.D
April: Worm/Netsky.P
So far this year...
January
- Bagle, also known as Bagel, a worm that arrives in an e-mail that looks like it's from a known sender and has the word "hi" in the subject line, quickly spreads throughout Asia, Australia and Europe in mid January. Bagle searches the PC's e-mail addresses, then mails itself to those addresses.
- Less than a week later, the MyDoom worm becomes the fastest spreading virus in history, infecting 1 in 12 e-mails at its peak. The virus targets a small Utah software company because of its threats to sue users of the Linux operating system in an intellectual property dispute.
February
- Microsoft wards off an attempted attack by a variant of the MyDoom virus. The company offers a $250,000 reward to anyone who helps authorities find and prosecute MyDoom's creator.
- Variations of the new Netsky worm begin spreading through e-mails with attachments that look like they're from a familiar person. One version of Netsky is programmed to remove the MyDoom virus.
March
- A new worm known as a phatbot or polybot begins spreading across computer networks. It commandeers networks, directing them to take part in online attacks. Phatbot uses technology like that developed for file-sharing networks such as Kazaa. The Department of Homeland Security asks computer experts to monitor the worm.
- MyDoom, Bagle and Netsky worms spread to more than 200 countries, infect more than 1-million PCs and cause an estimated $85-billion in damages by the end of the month.
April
- The latest variations of the Netsky worm show up online mid month. One infects PCs if users open an e-mail attachment, but another version infects computers when users just look at an e-mail. By the end of April there are 28 different Netsky worms jamming e-mail servers worldwide.
May
- At least four versions of the Sasser worm spread quickly through PCs using Microsoft's Windows XP or 2000 operating systems. Unlike other worms and viruses, Sasser doesn't use e-mail to spread and infect PCs connected to the Internet. It races around the world May 3, snarling hundreds of thousands of computers and causing Internet traffic to slow.
- Compiled by news researcher Kitty Bennett from AP and Times files.