A host of high-profile virus and worm attacks, from Nimda and Code Red to SirCam and Goner, surfaced last year.
Three months into 2002, no viruses of that magnitude have popped up. Is it a slow year for viruses?
"I would assume that it has been. However, I do not measure the rate of occurrence as an indicator of good or bad," said Neil Jackson, an IT auditor for a Web-based brokerage firm. "Maybe viruses are tougher to write. Maybe the writers are tired of writing. Or, maybe they've become more patriotic to their personal integrity."
"We're hit hundreds of times a day, but never has the hit gained the batter a base," Jackson said.
While expensive outbreaks make headlines, other viruses are always making rounds. Earlier this year, the relatively harmless MyParty virus spread by pretending to be a link to a Web page containing pictures of the sender's last vacation. Every day several new viruses are found.
"From reports of newly discovered viruses, it would seem that virus writers are still hard at it," said Clifford Cuellar, information technical specialist for Washington State Department of Natural Resources. "I think improved awareness of virus characteristics and improved use of AV software have kept the spread down."
Security incidents more than doubled last year. There were more than 52,000 security incidents, which included network intrusions and Web site attacks, according to the Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh.
While it may appear this year that users have been spared a major malicious code outbreak, it's still too early to tell, said Vincent Weafer, senior director of Symantec Security Response. During the last few years, there have only been a few major attacks each year. For example, Melissa dominated headlines in 1999, ILOVEYOU in 2000 and Nimda and Code Red last year.
Such malicious code should serve as a lesson to everyone from home users to large corporations, Weafer said. For example, home users and small business owners need to learn that security is more than antivirus protection and installing firewalls. They need to become more attuned to their digital assets, Weafer said.
Large enterprises already understand security well, but need to focus more on risk assessment, Weafer said. For example, the exploit that Code Red took advantage of last year was revealed just weeks before the worm appeared. A large organization didn't have enough time to patch all of its systems. Scrutinizing and prioritizing where to patch is a necessity, he said.
In fact, one significant trend is the dwindling time between a vulnerability being discovered and the creation and distribution of malicious code to take advantage of it, Weafer said. What used to take months now takes weeks.
"The speed of attacks is also increasing. A global mass mailer used to take months to spread. We could actually track it as it spread from country to country," Weafer said. "Now, a virus can be global in a matter of hours."