Ever wonder why viruses like Badtrans, Nimda and SirCam keep popping up in your inbox while new worms like Klez-G are grabbing all the headlines?
Such a scenario isn't unusual. While viruses and worms may die down, they are never truly dead as long as there are unprotected systems on the Internet.
Trend Micro's most prevalent "in-the-wild" malware survey for the second week of April includes a few old favorites such as Badtrans and Nimda:
1. WORM_KLEZ.E
2. JS_EXCEPTION.GEN
3. PE_MAGISTR.B
4. WORM_BADTRANS.B
5. PE_MAGISTR.A
6. WORM_MYLIFE.J
7. WORM_SIRCAM.A
8. PE_NIMDA.A-O
9. VBS_HAPTIME.A
10. PE_NIMDA.A
Symantec has found the W95.Hybris.Gen worm to be the fifth-largest threat so far this month. The worm was first discovered in September of 2000. Other older malicious code such as Badtrans, Nimda and SirCam is also in its top five.
"I have even heard of people popping in old floppy disks and getting viruses that went around three or four years ago," said Chris Wraight, technology consultant with Sophos.
Why is this the case? Why don't viruses just float off to oblivion?
The answer is simple: antivirus protection -- or the lack of it.
"If the number of PCs was static, we could hope to eventually have enough protected by antivirus software to stop the spread," said Robert Vibert, moderator of the Anti-Virus Information Exchange Network and a site expert for SearchSecurity. "But, we don't live in that world."
Every day people are hooking new machines up to the Internet without antivirus protection. "We also have to remember that many computers are in use in places around the world where AV software is not commonly used," Vibert said.
For companies that keep their antivirus software updated, old viruses aren't really a concern, as such software is cumulative, meaning it protects against viruses dating back a long time.
However, companies with antivirus software that isn't updated may be worse off than companies without the software at all. "Such people think they are protected but in reality they are not," said Steve Trilling, senior director of research at Symantec's Security Response.
While a handful of viruses get much media attention, there are thousands of others that never quite make it. For example, Wraight of Sophos sees about 1,000 viruses a month come through. "Most are not very sophisticated," he said.
Before Melissa, one of the first major e-mail viruses, it was pretty easy to stamp out viruses so they would stop spreading, Trilling said. At that time, viruses literally had to travel by foot. A person had to carry the virus on an infected disk from machine to machine. Now, an e-mail virus only has to hit one unprotected person with a large address book to literally spread around the world.