1998 dubbed "year of firsts" as record number of new virus types break

Sophos Press Release

Antivirus vendors had one of their busiest years yet in 1998, with a greater number of significant new viruses appearing than ever before. According to a report by Sophos, seven major new virus types were discovered last year.

The most interesting and possibly the most dangerous discovery was CIH, the first hardware-attacking virus. Although it did not appear until June, CIH was the eighth most reported virus of 1998. Along with Marburg, CIH also marked the resurgence of parasitic viruses which spread by attaching themselves to .EXE files.

Other viruses proved over-hyped. "Strange Brew", the first virus to infect Java applications, appeared in August. It caused a flurry of concern, which was largely unfounded because the virus infects Java applications, and cannot spread via web-based Java. In addition, the first Visual Basic Script (VBS) viruses were discovered in October.

Microsoft Office 97 was a major target for virus writers in 1998 with the appearance of three new virus types. April saw the first Access virus, while "StrangeDays" and "Shiver" marked the first "cross-infectors" able to contaminate both Word and Excel files with the same code. The last major component of the Office 97 suite fell victim to attack right at the end of the year in December, with the emergence of PM97/Attach, a virus which infects PowerPoint.

Even Windows NT was not immune. In December, "Remote Explorer" appeared, the first virus which is able to run as an NT service.

"The number of new virus types emerging has made 1998 a very interesting year," said Paul Ducklin, head of research at Sophos. "Whilst keeping abreast of developments, however, we must be careful not to lose sight of the old virus types. After all, the number one virus reported to Sophos in 1998 was the macro virus, Excel/Laroux."

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.