Trends on the hacker underground are changing. Viruses are on the way out and exploitation of software vulnerabilities is increasing, according to research.

Analysts at mi2g's Intelligence Unit said that the emergence of new trends became evident last year. Figures compiled by the group revealed a decrease of 41 per cent in new virus species, from 413 in 2000 to 245 in 2001.

But, in contrast, the global exploitation of software vulnerabilities has increased by 124 per cent from 1,090 incidents in 2000 to 2,437 in 2001.

Although traditional virus development may have dropped, it's by no means on the way out. Mi2g has identified Europe as the hotbed of malicious code writing, leading the world in the development of 57 per cent of viruses.

Around 21 per cent of these originate from eastern Europe including Russia. North America accounted for 17 per cent, followed by the Far East at 13 per cent.

The analyst identified the most prolific serial virus writers as Zombie, author of the Executable Trash Virus Generator; Benny from 29A virus group and author of the .Net Donut virus; Black Baron, author of Smeg; David Smith, author of Melissa; and Chen Ing-Hau, author of CIH.

According to mi2g, virus writers fit the stereotype of being fairly young, male and getting no commercial benefit from their activities.

Steve Trilling, of antivirus firm Symantec, said: "With more and more critical business and government functions conducted online, we could see more 'professional' types of attackers."

Computer Associates' Simon Perry added: "We haven't seen a virus with a really malicious payload yet. We haven't seen a really destructive time bomb. We're probably about 12 or 24 months away from the motherlode virus."

Mi2g pointed out that as "new software vulnerabilities are exploited by virus writers, disgruntled employees and hacktivists, corporations are having to patch up their systems continuously".

Computer Economics recently estimated the worldwide economic impact of malicious code attacks at $13.2bn in 2001. The most significant attacks were from worms exploiting software vulnerabilities such as Code Red ($2.62bn), SirCam ($1.15bn) and Nimda ($635m).

DK Matai, chairman and chief executive of mi2g, said: "Why are so many vulnerabilities coming to light? Software vendors have been keen to profit from new products without paying adequate attention to the long-term quality issues, such as trusted computing and the security perspective.

"As evidenced by the recent sea change in Microsoft's priorities, the focus on product development from day one has to be on security as it cannot be bolted on."