The MyDoom Internet virus and the Bagle-B worm are only a taste of viruses, worms and Trojans set to appear in the coming year — effectively representing the tip of the iceberg as far as destructive capability is concerned.
This is according to Zea Silva, security business unit manager at independent ICT solutions provider, First Technology, who says that the speed with which MyDoom spread across the world was what made it so destructive.
"Computer users can expect many more new viruses to be released throughout the year, many of which may be even more destructive or disruptive than anything seen before. In addition, the speed with which viruses and worms will spread is likely to increase — from hours to only minutes.
"MyDoom initiated the fastest spreading malicious worm seen to date, which was largely because of the way it was created — as a simple email with a standard subject line — and the way it hid itself in .zip or Windows executable attachments," she says.
In a matter of a few hours, the MyDoom worm spread so rapidly that antivirus companies rated it as a 'high' outbreak risk. It was rated as the first serious outbreak of 2004, and, within a few days, had surpassed the damage caused by Sobig.F and Welchia.
MyDoom.A accounted for approximately 30 % of all email traffic globally and generated in excess of 100m infected emails in its first 36 hours, blocking networks and overloading servers.
Only two days after MyDoom was released, a second version of the virus, MyDoom.B was spreading across the world. MyDoom.B released distributed denial of service (DDoS) attacks on the SCO and Microsoft websites, and also prevented machines infected with MyDoom.A from accessing antivirus sites.
Silva says that the main reason for MyDoom being so destructive is the lack of comprehensive corporate security solutions. "Comprehensive security entails intrusion detection and prevention systems, antivirus software, a firewall solution, and, ideally, a subscription to a daily virus alert service.
"Some companies may claim that they have all this in place and that they were still affected by MyDoom. The key to remaining secure is to ensure that antivirus software, intrusion detection and firewall systems are correctly deployed, and that all updates and virus patches or definitions are downloaded successfully the moment they become available. A subscription to a virus alert newsgroup or mailing list will also help the cause by alerting users the moment that a new virus has emerged," she adds.
Silva says businesses can learn a valuable lesson from this particular strain of computer virus, which is that companies need to be better prepared than they think they are.
"Ninety five % of companies think they are set up correctly and that their systems are successfully updating automatically with no human intervention.
The mind-set towards network security needs to change rapidly. If it does not, companies may find themselves crippled by the next worm or virus threat.
"It is not a matter of 'if' the next virus strikes; it is rather 'when' it will strike as there will be more security risks this year. The cost to a business of not being secure is a loss of confidentiality, integrity and availability — three characteristics that are difficult to restore once the damage has been done," she concludes.