Bugwatch: The new nasties

This week Luis Corrons, head of PandaLabs, warns of the added workload that IT departments face from new forms of malware.

It seems that 2004 is becoming the year of 'other' malware, not just viruses and worms.

This is not to say that there have been, or will be, fewer viruses or epidemics. Rather that new threats such as diallers, spyware or spam are adding to the security workload. And these threats must be taken into account when designing security policies.

Viruses will no doubt continue to appear, possibly even more than before. But the increased presence of other malware means that good antivirus defence on its own is no longer enough. Users also need to have specific tools for specific threats.

The reason for the increase in new malware is purely financial. Many unscrupulous users have realised, for instance, the money-making potential of installing diallers. They can reconnect modem users to premium-rate phone numbers, steal bank or credit card details or sell databases to dubious marketing companies.

Spam is likely to continue causing misery. Not only is a huge amount of time wasted reading and deleting it, junk mail carries the risk of being used as a means of propagation for viruses and other malicious code.

Hacker attacks are also on the increase, facilitated by the rise in backdoor Trojans and hacking tools in recent months.

And virus creators are continuing their quest to uncover vulnerabilities in popular software to spread their creations as widely as possible. This is a strategy that has been increasing in popularity, often with devastating results.

Since January, when MyDoom appeared, we have seen a number of new worms, most notably all the variants of Netsky and Bagle. A new kind of computer virus epidemic has emerged.

The culprit in this case is not just one virus but a variety of malicious code, launched from the internet at the same time, making the probability of a computer being infected extremely high.

The reason for this change in virus writers' strategy is easy to understand, considering that antivirus companies are developing vaccines to combat new viruses very shortly after detection and, in some cases, offering specific tools to eliminate them.

It is easy to see that if many viruses appear over a short period of time, there is a far greater probability of being infected by one of them. Under these conditions, the hundreds of infected email messages reaching inboxes makes users more likely to run one of these malicious programs.

Even a slight delay in updating antivirus protection, or simply downloading an infected file from a peer-to-peer network, can considerably increase the probability of falling victim to infection.

Under these circumstances, a virus may start off with a bang, infecting a large number of computers over a short space of time. But as users can now rapidly and easily detect and eliminate them, their lifespan is cut short.

The time when a virus could hang around for years is now in the past, leaving those responsible for malicious software to look for other avenues.