August 2003: Worst Virus Season Ever?

August, 2003

So far this month there have been more than 50 new Internet viruses that have surfaced that represent at least a minor security threat, and that number will probably top 75 by month end. That in itself is not news. Unfortunately, it is now common for IT security watchdog organizations to report dozens of new viruses each month. However, the potential threat and economic impact of a few of the viruses that have surfaced this August is unusually high.

Starting on August 11, the Blaster or Lovesan worm created havoc for many companies and home PC users, despite the fact that it leveraged a known Microsoft security flaw and a fix had been available for several weeks. Although Microsoft was able to minimize the Blaster threat by taking down the site link that the virus intended to inundate, many computers are still being infected and the clean up will continue for quite some time. And to make matter worse experts are anticipating even more virulent strains of this virus in the near future.

Although not as serious as expected, a variation on the Blaster virus has already surfaced entitled Blaster-B. Like the original worm, it infects PCs running Windows XP and Windows 2000 operating systems. A similar virus named RpcSpybot-A exploits the same Microsoft vulnerability, but is not considered a variant of Blaster. It is designed to create a back door on the targeted machine, providing the attacker control of the infected system.

Another serious virus dubbed Nachi or Welchia exploded on the scene only a few days after Blaster. This virus is a so-called “benign” or “do-gooder” worm since it is designed to seek out systems infected with the Blaster virus, download the Microsoft patch, and reboot the system. Ironically, for many corporate environments Nachi has been more troublesome than the virus it was intended to eradicate, as it has clogged networks and nearly brought many email systems to a standstill.

Possibly the most damaging of all the August “can of worms” is the new Sobig.F virus, a variant on the initial Sobig.A virus that surfaced in January. As of Friday morning (August 22), AOL reported that it had blocked more than 20 million copies of the virus. One of the most important aspects of Sobig.F is its incredible speed. In fact, it is being dubbed as the fastest spreading virus ever.

Earlier this year, the Slammer worm rocketed around the globe and disrupted hundreds of thousands of systems, slowing Internet traffic to a crawl. It also created denial of service issues for many corporate networks around the world, including several major financial institutions. Computer Economics estimated that the financial impact of the Slammer worm exceeded the $1.25 billion mark worldwide.

When the final cost of this month’s series of virus attacks is tallied, Computer Economics estimates that the figure will likely exceed the cost of the Slammer worm and may rise as high as $2 billion. However, none of the current viruses are likely to challenge the all time record holder. In 2000, the financial impact of the infamous LoveBug was estimated to exceed $8 billion worldwide.

August 2003