The Viruses of 2003
The year 2003 will go down in history as a banner year when viruses (and worms, trojans, etc.) brought down more servers, infected more computers in more countries, and caused more damage (more than $50 billion by some estimates) than any other year in the recent past. Beyond Slammer, which hit in January, and Sobig and Blaster, which grabbed the headlines in August, other malware (viruses, trojans and worms) was working its stealthy way into computers.
Depending on which listing of top viruses you read, the most prevalent viruses of the year 2003 were mass-mailing worms which used more than one way to infect unsuspecting computers. Most of these tried to send themselves to email addresses harvested from files on the victim's computer. These also tried to spread by copying themselves to, and infecting files on, shared directories on the local network of the infected computers. Some also took advantage of vulnerabilities and bugs in popular software. A few tried to infect other computers selected at random. Almost all viruses in the various top-ten lists were targeted at Windows software.
The most prevalent viruses (and their variants) were:
Sobig - initial version started in January and latest version made a big splash in August by clogging up servers with the massive volume of email it sent from infected computers
Bugbear (aka Tanatos) - initial version in January, followed by a more virulent version in the middle of the year, which sent mass email and infected shared directories on the local networks of infected computers
Blaster (aka LoveSan, Poza) - first hit in August and continued in succeeding months, targeting a vulnerability in Windows server software
Nachi (aka Welchia) - also hit the headlines in August, right after Blaster, by exploiting a similar vulnerability in Windows servers
Mimail - hit in August, with later versions in later months, using email purporting to be from a payment firm in order to grab credit card info
Slammer (aka Sapphire) - hit MS SQL servers in January and caused major havoc to systems running on MS SQL database servers worldwide
Klez (aka Poverty) and its partner Elkern - this carryover from 2002 continues to infect unprotected computers, causing chaos by deleting files on the 13th of every odd month
Gibe - also a carryover from 2002, which continued to spawn new versions and infect unwitting computer users by masquerading as a software security patch
Sober - a late entrant in October, but later versions continued into December, broadcast by mass email
Lovegate - hit in February, spreading by mass email and shared directories; it opens a backdoor which the virus writer can use to take control of the infected computer
Trends seen from these infestations include:
- use of mass mailing by harvesting email addresses from address books and other files on the target computer
- use of multiple modes of propagation, such as mass email, infecting files on shared network directories, or targeting computers at random using common login names and weak passwords
- use of the Internet and interconnected computer networks to spread massively and quickly
- stealing passwords, credit card info and other confidential data by viruses masquerading as email from legitimate companies and asking for this info, or by viruses lurking in the background watching keystrokes
- more trojans and remote access viruses which allow hackers to take control of the infected computer to launch attacks on other computers
- attempts by viruses to disable anti-virus software running on the victim's computer
- quick exploitation by virus writers of new vulnerabilities discovered in popular software
Lessons to be learned for safe computing:
- use anti-virus scanning software to check your computer regularly, and keep it updated
- be wary of unexpected email (and their attachments) from unknown senders
- safeguard shared network directories by requiring a password
- update/change your passwords regularly
- use a firewall to block unwanted traffic (and intruders) from your computer network and servers
- be vigilant and alert to any unusual events/occurrences on your computer
-o0o-