Two new studies add weight to what information security experts have said all year: Malicious activity is way up and Windows is the prime target.
Lynnfield, Mass.-based antivirus firm Sophos said in a recent report that it detected 4,677 new viruses in the first six months of 2004, a 21% increase over the same period last year.
The general consensus that Windows is the main target is bolstered by a soon-to-be-released study by Santa Cruz, Calif.-based research firm Evans Data. More than 90% of Linux users who were surveyed said their systems have never been attacked, and several suggested they switched over from Windows because of increased vulnerabilities.
"It's been a dangerous year," said Graham Cluley, senior technology consultant at Sophos. "We've seen more viruses, they're spreading faster and they are leaving backdoor Trojans behind that are used for future attacks. Hackers understand the value of having an army of zombie PCs and that's what they're working towards."
Steven House, senior product manager for Cupertino, Calif.-based network management firm Packeteer, said his clients have definitely seen a dramatic increase in virus activity this year. "This time last year, there was some activity. Customers were saying they spend some time on security problems," he said. "Since late last year, the number of customers overwhelmed with activity has gone way up."
According to Sophos, the Sasser worm has accounted for more than a quarter of all viruses so far this year. It topped the virus chart despite the battle between the Netsky and Bagle worms that has raged since February, producing six of the most damaging viruses so far this year. Netsky-P has been most prevalent. MyDoom, the fifth-most-damaging virus this year, highlights the increasing trend of virus writers trying to create armies of possessed PCs. The sixth most prevalent virus so far is Zafi-B, which carries a message calling on the Hungarian government to house the homeless and introduce the death penalty against criminals. The report also noted the appearance of Cabir, the first worm targeting mobile phones.
Cluley pointed to one piece of good news: This year's most prolific malware scribe got caught.
"Increased scrutiny from law enforcement agencies and Microsoft's bounty initiative to encourage people to snitch on virus writers led to a very high-profile arrest in Germany," he said. "Sven Jaschan, the teenage author of the Sasser worm and member of Skynet, the gang responsible for distributing Netsky, confessed in May. The German virus-writing community has been relatively quiet ever since." Cluley noted that Jaschan's handiwork accounted for 70% of all virus activity for the first half of the year.
Industry experts agree hackers are easily deploying zombie armies and other bugs across the Windows landscape.
"The success of Linux is attributed to the fact that the bad guys won't take the time to write two pieces of code," said Alan Simpkins, head of North American security practices for Amsterdam-based network services provider Equant. "It's more difficult to write malicious code for Linux, and if you're doing it for the notoriety, you're going to go for the easiest, most public target. That's Microsoft."
Nicholas Petreley, Evans Data's Linux analyst, said his firm's research bolsters that point. "One thing we're seeing this year is that because of the sharp increase in attacks, a large number of respondents are switching from Windows to Linux." Petreley said 92% of respondents indicated their Linux systems have never been infected, 78% said their systems have never been hacked and less than 7% were hacked three or more times.
All agreed the lesson for enterprises is that they must have regularly updated antivirus protection, keep up with the latest patch releases and deploy devices that monitor networks for suspicious activity.