The Mydoom Internet virus and the Bagle-B worm are only a taste of viruses, worms, and Trojans set to appear in the coming year--effectively representing the tip of the iceberg in destructive capability, a security expert warns.
The speed with which Mydoom spread across the world was what made it so destructive, notes Zea Silva, security business unit manager at independent ICT solutions provider, First Technology in South Africa.
"Computer users can expect many more new viruses to be released throughout the year, many of which may be even more destructive or disruptive than anything seen before," she says. "In addition, the speed with which viruses and worms will spread is likely to increase--from hours to only minutes."
Silva echoes some other virus-watchers in naming Mydoom the fastest-spreading malicious worm to date. She says this occurred largely because of the way it was created: "as a simple e-mail with a standard subject line, and the way it hid itself in .zip or Windows executable attachments."
Danger of Speed
In a matter of a few hours, the Mydoom worm spread so rapidly that antivirus companies rated it as a 'high' outbreak risk. It was rated as the first serious outbreak of 2004, and within a few days had surpassed the damage caused by Sobig.F and Welchia.
Mydoom.A accounted for approximately 30 percent of all e-mail traffic globally and generated in excess of 100 million infected e-mails in its first 36 hours, blocking networks and overloading servers.
Only two days after Mydoom was released, a second version of the virus, Mydoom.B, was spreading across the world. Mydoom.B launched distributed denial-of-service (DDoS) attacks on the SCO and Microsoft Web sites, and also prevented machines infected with Mydoom.A from accessing antivirus sites.
Silva says the main reason for Mydoom being so destructive is the lack of comprehensive corporate security solutions.
"Comprehensive security entails intrusion detection and prevention systems, antivirus software, a firewall solution, and, ideally, a subscription to a daily virus alert service," she says. "Some companies may claim that they have all this in place and that they were still affected by Mydoom."
But they need to be certain that the protections are correctly deployed, and that updates and virus patches are downloaded and installed as soon as they are available, she adds. "A subscription to a virus alert newsgroup or mailing list will also help the cause by alerting users the moment that a new virus has emerged," Silva says.
Businesses Beware
Still, businesses can learn a valuable lesson from this particular strain of computer virus--namely, that companies need to be better prepared than they think they are, she says.
"Ninety-five percent of companies think they are set up correctly and that their systems are successfully updating automatically with no human intervention," she says. "The mind-set towards network security needs to change rapidly. If it does not, companies may find themselves crippled by the next worm or virus threat."
Businesses would be smart to take Mydoom and the other recent pests as a warning, she says.
"It is not a matter of 'if' the next virus strikes; it is rather 'when' it will strike, as there will be more security risks this year," Silva says. "The cost to a business of not being secure is a loss of confidentiality, integrity, and availability--three characteristics that are difficult to restore once the damage has been done."




