The Malware Mess
Computer viruses have been around nearly as long as personal computers themselves.
The first ones to show up "in the wild"--that is, beyond wherever they were created--debuted in the early 1980s, spreading from one Apple II machine to another via shared floppy disks. (A Ph.D. candidate coined the term "computer virus" in 1983.) In 1988, a Cornell graduate student released the first major Internet virus, a self-replicating program that flooded what was then an academic-research network, disabling several thousand computers. (The student, who insisted the damage was unintentional, received a sentence of probation, community service and a fine.)
Over the next decade, as the number of homes and businesses connected to the Internet grew rapidly, so did reports of problems from viruses and other "malware"--malicious software such as worms and Trojan horses. (For a selected sampling of top threats, see Most Memorable Malware.)
By July 2006, experts had identified nearly 185,000 different viruses and other threats, according to malware expert Graham Cluley, senior technology consultant for Sophos plc, a U.K.-based antivirus firm. That's up from an estimated 80,000 in early 2003. Threats proliferate quickly because as antivirus companies figure out how to eliminate one, several others--often closely related spin-offs--start popping up.
What do viruses and other malware programs do? Some replicate themselves, flooding e-mail accounts with so much junk mail that systems slow or shut down. Some modify, delete or move files. Some find and forward important data (such as passwords). Some deposit spyware, adware or other unwanted programs on computer hard drives.
More sophisticated ones open "back doors" that allow their creators to take remote control of computers to, for instance, coordinate a widespread attack on a particular website. Some are smart enough to disable antivirus programs. A newer threat, called a rootkit, conceals itself so that it can run undetected by a computer's operating system or security software.
What's out there right now? Here are three of the threats most frequently reported to antivirus-software companies, as of July 2006:
- Sober, debuted in October 2003 (several variants still circulating). Delivered via e-mail attachment. Sends e-mails with forged return addresses; disables anti-virus software.
- Netsky, debuted in February 2004 (many variants still circulating). Delivered via e-mail attachment. Sends e-mails enabling different functions; some variants cause users' computers to beep at particular times.
- Mytob, debuted in February 2005 (many variants still circulating). Delivered via e-mail attachment and network shared spaces; sends e-mails with forged return addresses; turns off antivirus applications, may permit remote access.
How much do malware attacks cost businesses? It's tough to find reliable numbers because there are no universal metrics for calculating damages. But when you figure in reduced productivity, missed business, the cost of software upgrades and the labor expenses associated with cleaning up and protecting systems, you can safely put the overall losses for each major outbreak in the millions. (In a few major cases, analysts set the global economic impact at $1 billion and up.)
In 2005 alone, U.S. companies lost $15.7 million to virus outbreaks, according to the 2006 CSI/FBI Computer Crime and Security Survey conducted by the FBI and the San Francisco-based Computer Security Institute. In fact, such attacks accounted for 74 percent of all security-related financial losses--more than system break-ins, stolen hardware or data theft, according to the 11th annual survey (Free download available; registration required).
While many of the participants--executives from more than 600 U.S. companies--weren't willing to estimate how much security problems cost them, those who did reported losses averaging nearly $168,000. Even for smaller organizations, malware can take a toll in terms of productivity: Another research organization, Mechanicsburg, Pa.-based ICSA Labs, says businesses typically lose about nine "person-days" to recovering from every malware incident.
How can companies protect themselves against such attacks? Experts recommend that you:
- Take a big-picture approach. Look at security as a business imperative, not just a "tech problem." Given ongoing concerns about cyberterrorism, it's worth encouraging all executives and managers to stay informed about the latest threats.
- Keep corporate firewalls updated. Make sure that your IT team monitors event logs for early evidence of attacks or intrusions.
- Invest in maximum-strength antivirus software for every computer, including those used by remote, mobile and contract workers. Insist that employees regularly update the software--or make it happen automatically, if possible.
- Monitor incoming e-mail with virus-scanning software that deletes infected messages and quarantines spam (which can carry viruses and worms).
- Make sure both your overall systems and employees' individual machines get backed up regularly to ensure that critical data is preserved even if original files are attacked.
- Establish procedures for safe network file-sharing; otherwise, when workers move files between computers, they may inadvertently pass along viruses or worms as well.
- Instruct employees to remain vigilant about incoming e-mail. The old warning about not opening messages and attachments from strangers still stands. But users should be equally cautious with e-mails that may initially seem to come from acquaintances because malware often spreads by co-opting real e-mail addresses. A weird subject line--one containing misspellings or a reply to a message that the recipient didn't send--often signals the presence of a virus or a worm. Bottom line: When in doubt, delete.