1999: A year of old and new

January 25, 2000 Sophos Press Release

Sophos analysis shows mass-mailing viruses pose greatest threat

A report published by Sophos, the world leader in network-based anti-virus solutions, of the most commonly reported computer viruses throughout 1999 shows that virus writers are taking advantage of the Internet and corporate email systems to distribute their creations more quickly.

The analysis highlights three self-propagating viruses in the Top Ten. WM97/Melissa, W32/ExploreZip and W32/Ska-Happy99 forward themselves via email attachments to unsuspecting computer users. Instead of taking months to spread into the wild, these viruses have the potential to attack globally within days.

"Whilst we have seen a proliferation of new viruses, these results show that companies are still commonly infected by old viruses, despite the media focusing on new threats," said Graham Cluley, senior technology consultant for Sophos. "For example, Sophos statistics show that the most frequently reported virus of 1999 was XM/Laroux, a macro virus that infects spreadsheets, first seen in 1996. Meanwhile, the Form boot sector virus also appears in the Top Ten, despite being first seen almost 10 years ago. As always, we recommend that businesses keep their anti-virus software up-to-date and employ 'safe-computing' policies."

Other developments in 1999 included:

  • David L Smith pleaded guilty to distributing the Melissa macro virus, and admitted causing more than 80 million dollars damage to North American companies. Sentencing is expected in February 2000.

  • Asia Pacific was hit hard in April by W95/CIH-10xx, the first PC-paralysing virus that flashed computer BIOSes. Fortunately, Western companies had listened to anti-virus vendor warnings and had largely put protection in place.

  • An Internet hoax that claimed a game, which featured Santa Claus knocking down elves with a ten-pin bowling ball, was infected by a virus fooled millions of computer users. Paranoid users panicked that they may have unintentionally infected their company networks - but in fact the game was harmless.

  • The Bubbleboy worm threatened to break all the rules by being the first virus to execute itself as soon as a recipient's email is opened, rather than needing any attachment to be opened. This was only possible because of a security loophole in Microsoft Outlook, which many users quickly patched.
To view the Sophos top ten, please click here.