Virus Threat's Bad And Getting Worse - ICSA Survey

[William Knowles <wk () C4I ORG>]

http://www.computeruser.com/news/00/10/24/news7.html

By Kevin Featherly
October 24, 2000

The number of corporations infected by viruses this year has risen by
20 percent, with the pace of infections accelerating rapidly,
according to a report issued Monday by anti-virus consulting firm
ICSA.net.

Larry Bridwell, content security program manager for ICSA Labs in
Carlysle, Penn., and a study co-author, said the company's 2000 report
indicates the danger for corporate "virus disasters" is worse now than
it has ever been in the six years that ISCA has been conducting its
annual virus surveys.

"When we see the number of incidents per 1,000 machines in a company
effectively doubling every year over a five-year period, it's a
wake-up call," Bridwell told Newsbytes Monday.

According to the survey companies reporting computer virus disasters
increased more than 20 percent in the last year and continue to
accelerate. The survey is based on a poll of more than 300 companies
that have 856,000 PCs, conducted this year. Among its findings:

- For a typical company, losses in productivity associated with
  viruses is rising, estimated to cost between $100,000 and
  $1 million per company annually.

- Forty percent of companies report data losses due to viruses, a 23
  percent increase over 1999.

- Two-thirds of companies experienced file problems stemming from
  incoming viruses, up from half of companies in 1999.

"Virtually all of the companies responding to the survey (99.67
percent) experienced at least one virus encounter during the survey
period," according to the report's executive summary. "Only one
company claimed not to have experienced such an encounter. The group
of 300 organizations had 303,356 encounters on 855,899 machines ...
for the years 1998, 1999 and early 2000."

That translates to more than 160 encounters per 1,000 machines per
year, or about 14 encounters per 1,000 machines per month over the
survey period, the report states.

The numbers represent the fifth consecutive year of increased
corporate virus incidents, according to the report.

The threat to individual Net users also is expanding, Bridwell
indicated. He said that recent high-profile assaults involving the
e-mail viruses Melissa and the Love Bug - or Love Letter, as it also
is known - are indicative of the new seriousness of the problem.

"Melissa sort of spread in a few days. Love Letter spread in a few
hours because it took the limitation off and sent it to everybody in
your (e-mail) address book," Bridwell said. "The trend in
virus-writing seems to be to write viruses that use the Internet
connectivity and use a worm payload."

This means that many current worm-like viruses designed to besiege
companies and private Net users no longer require any human touch.
That makes them different from unlike older viruses that tended to
require a host program or attachment file in order to replicate, and
which often were spread by diskettes passed from machine to machine.
"A worm only needs Internet connections; weak points in security,"
Bridwell said. "They don't need human intervention to spread. ... So
these mass-mail or worm-like viruses or worm-like payloads tend to be
much faster than humans."

Bridwell said that, when projected to the future, one of the most
alarming things about the current virus trend is that the Internet
itself is becoming so pervasive in American life at the same time that
most of the computing world continue to rely on a single operating
system - Windows - which can be easily targeted because of its very
dominance. Windows-reliant corporations, governmental agencies, and
private citizens alike rely on the Net more every day to conduct their
normal business, expanding the risks ever further, Bridwell said. That
problem is only likely to worsen, he said.

"One of the things that concerns us," Bridwell said, "is that if these
things are growing at this rate - with the number of Americans we have
connected to the Internet, and the number of people worldwide - what
happens when we start having pervasive connections such as DSL and
cable, where people are connected all the time?"

Asked if he believes that the threat of relatively innocuous e-mail
worms serve as a warning about much more serious cyber-terrorism
threats, Bridwell hedged, saying that ISCA prefers to act as the voice
of reason with regard to those risks. But he didn't deny that the
shadow of cyberterrorism may loom in the reports findings.

"I will say this: with the ever-increased functionality of programs,
the increased of use of the mass-mail technology - while I wouldn't
necessarily say 'terrorism' - I would say pointed attacks are more
easily accomplished and more likely in the future. That would not rule
out in the future, I would say, some sort of terrorist attack," he
said.

"Do I think that it's there now for terrorism? No, I don't think so,"
he continued. "I think there is a wake-up call that we begin to look
at those, because the more we put our faith in the Internet and the
more companies and government agencies that use the Internet for their
normal business operations, we do leave ourselves open."

Bridwell said the answer is a combination of "quality" virus detection
systems applied to all areas of a company's computing system - from
the desktop to the e-mail gateway to the firewall. But that is merely
the front-line approach, he said. It needs to be augmented with a more
"holistic" protections, including measures like barring entry to
incoming e-mails with .doc attachments, or barring any e-mail
attachments whatsoever.

ICSA.net is a consultant that makes its money by surveying corporate
virus risks and implementing anti-virus systems. The company's Web
site says its lab sets standards, performs research, tracks and
measures risks and certifies 98 percent of the market's anti-virus
systems.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".