Viruses & Malware

The strange death of the mass mailing virus

posted on December 10, 2004
by hitbsecnews

Mass mailing viruses will go the way of macro viruses and become much rarer next year. Viruses such as Sober and MyDoom are simply not as effective as they used to be, Kevin Hogan, a Symantec Europe manager, notes. "People know it's risky to double click on viruses. For virus writers there's no technical kudos. Also mass mailing viruses are noisy, bringing attention to themselves, and that goes against the trend of developing malware that hides its presence on infected systems," he said.

2004 year of Netsky worm

posted on December 9, 2004
by hitbsecnews

Netsky-P, an email computer worm allegedly written by a German teenager, was the hardest-hitting virus of 2004, disrupting tens of thousands of businesses and homes worldwide, Web security firm Sophos says.

The worm accounted for almost a quarter of all virus incidents reported, Sophos said in a report on Wednesday, with four other Netsky variants also making it into the top 10, and the Sasser worm by the same writer taking third place.

2005: the year the virus gets nasty

posted on December 8, 2004
by hitbsecnews

Next year will see more and more viruses targeting users' financial accounts as organised crime moves online in a big way, according to security company Sophos.

Although Sophos found that half of this year's top viruses, i.e. Netsky and its variants, came from a teenager in northern Germany, 2005 will see more and more viruses that collect and forward online banking details.

Organised criminal gangs in eastern Europe and the Far East are hiring professional programmers to harvest these details and use them to drain funds from bank accounts worldwide.

Detecting Complex Viruses

posted on December 7, 2004
by hitbsecnews

There are many metrics by which to measure the efficiency and effectiveness of an antivirus product and the response organization that is backing it. Some of the commonly used metrics today include the antivirus company's response time to new threats as well as the availability of proactive detection. But are these metrics enough?

Virus top 10: Sober makes an unwelcome return

posted on December 1, 2004
by hitbsecnews

After a few months of relative calm from malware writers, two new viruses have broken into the top 10 of malware infections for last month - although they have yet to topple Netsky from the top spot.

Netsky.P retained the number one position, where it has been for two months, vying for the number one position with Zafi.B, first released in June. While Netsky.P is still the most reported virus for the month of November, according to antivirus firm Sophos, with just over 24 per cent of reported infections.

Sun stamps on Java bug

posted on December 1, 2004
by hitbsecnews

Sun Microsystems claimed yesterday that its attempt to stamp on a recently discovered Java Virtual Machine (JVM) security bug has been successful.

Security experts warned that the potentially devastating flaw in the JVM Run Time Environment could leave millions of desktops open to attack.

However, Sun stated: "Early indications are that Sun's response to this issue has been effective. As of 29 November 824,244 users have downloaded the upgraded version of J2SE 1.4.2_06 that corrects the vulnerability."

Tasin worms ate my Windows files

posted on November 24, 2004
by hitbsecnews

Security experts have issued a warning over the newly intercepted A, B and C variants of the Tasin worm, which have begun to spread rapidly by email.

The malicious worms use social engineering tricks to distract users while they are sent out from infected computers before deleting a large number of system files.

Tasin.A was first detected a few days ago. It has not been the centre of any explosive propagation, but has gradually crept up the rankings of the viruses most frequently detected by IT security firm Panda Software.

Symbian phones targeted by 'Skulls' Trojan

posted on November 22, 2004
by hitbsecnews

Virus writers are targeting Symbian-based mobile phones with a Trojan horse that kills off system applications and replaces their icons with images of skulls.

The program, dubbed "Skulls" by antivirus companies, is disguised as a theme manager for Nokia phones in the Symbian Installation System format, said Mikko Hypponen, director of antivirus research for software maker F-Secure.

Only a few people have managed to run across the program on the Web and then downloaded and run the Trojan horse, he said.

Bofra exploit hits The Register's ad serving supplier

posted on November 22, 2004
by hitbsecnews

Early on Saturday morning some banner advertising served for The Register by third party ad serving company Falk AG became infected with the Bofra/IFrame exploit. The Register suspended ad serving by this company on discovery of the problem.

Sober worm about to cause major hangover

posted on November 20, 2004
by hitbsecnews

A newly discovered multilingual Windows worm has begun doing the rounds this morning, with antivirus firms reporting infections in France, Germany and Australia.

Sober I is a mass-mailer that arrives as a 56,808 byte .pif or .scr file attachment with email headers in both English and German.

Once activated the worm copies itself twice to the hard drive under a random name and begins harvesting email addresses before mailing itself on using its own SMTP engine.