Sophos statistics show email-aware worms pose greatest threat
to businesses worldwide
Sophos, a world leader in corporate anti-virus protection, has
revealed that just two viruses, Nimda and Sircam, accounted for
almost 50% of the reports received by Sophos's helpdesk during
2001. Code Red,
the most hyped virus of the year, does not even appear in the top
ten. Sophos has detected 11,160 new viruses, worms and Trojan
horses to date this year, bringing the total protected against to
almost 70,000. On average, the Sophos virus labs produce detection
routines for over 30 viruses each day.
The top ten figures, as recorded by Sophos's helpdesk, are as
anonymous author only unleashed his creation in September, yet it
still represented more than a quarter of reports to the Sophos
helpdesk," said Graham Cluley, senior technology consultant at
Sophos Anti-Virus. "Nimda was effective because it could infect
computers using a variety of techniques. It is likely that we will
see more multiple pronged attacks in the future."
Nimda was closely followed by Sircam. By changing the
email subject line each time it replicated, the Sircam worm duped
thousands of users into double-clicking on an infected e-mail
attachment. Sircam was particularly damaging because of its ability
to steal confidential documents from computers and distribute them
to all email addresses in the user's address book.
Alongside newly reported viruses and worms, such as Nimda,
Sircam, Anna Kournikova and Homepage, the chart also contains a
worm that was first detected back in 1999. Kakworm, which topped
last year's charts, is still the seventh most commonly encountered
Other developments in 2001:
- The fate of virus writers continued to cause controversy.
Jan de Wit,
found guilty of writing the Anna Kournikova worm was sentenced to
just 150 hours of community service in the Netherlands when only 55
businesses admitted infection. Meanwhile in the US, David L Smith is still
awaiting sentencing two years after pleading guilty to writing the
Melissa virus and causing 80 million US dollars of damage.
- March saw the emergence of Lindose, the first virus
to infect both Windows and Linux operating systems. The Unix worm,
Sadmind (first detected in May) also demonstrated that it is not
only Microsoft systems that are vulnerable to viruses.
- The detection of the first viruses (FunnyFile and Choke) to attack instant
messaging platforms highlighted the need for increased user
vigilance and for businesses to remember that it is not just email
systems that spread viruses.
- Despite the hype, no viruses appeared in 2001 which attacked
Palms or mobile phones.
made headline news from July, prompting thousands of calls from
concerned customers. Despite predictions from some members of the
security community that the internet was set to collapse, Code Red
did not even make the top ten viruses of the year.
Predictions for 2002:
- Sophos predicts that 2002 will see even more virus activity,
with more email-aware worms being written. Additionally Sophos
believes that the increasing emergence of 'always-on' home
connections with ADSL and cable modems will increase the likelihood
of home users suffering from hacker attacks.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.