Welcome to yet another year of viruses

Robert Vamosi

Published: 12 Jan 2004

• 
• 
• 
• 
• 

When the MiMail.l email virus appeared last month, it got little attention from the media. After all, it was only a minor variant of the MiMail family, and it spread slowly across the Internet, right?

It may not have been the most destructive worm ever, but it turns out that MiMail virtually shut down the Spamhaus Project and SpamCop -- two sites where you can report spam abuses.

Failed prediction

The year 2003 was supposed to see the end of email-borne viruses, given that both Microsoft Outlook and anti-virus applications have become much better at stopping them. But in 2004, we expect to see more of these pests -- especially more spam-related ones like MiMail.l -- as professional spammers continue using them both to collect email addresses and to distribute their messages anonymously. MiMail.l wasn't the first worm involved with junk email. As early as January 2003, anti-virus experts noticed that a worm called Sobig was aiding the sending of spam. By early summer of 2003, there was evidence that Sobig was building a network of what are called 'open proxies' -- systems that act as blind intermediary portals to the Internet.

By the time the Sobig.f variant came along in mid-August, the open-proxy network created by earlier variants helped Sobig.f infect more than 1 million PCs worldwide in less than 24 hours, making it the fastest-spreading computer virus or worm on record. The August infection further expanded the open-proxy network, giving future variants the ability to spread even faster.

Open proxies

Lists of these open proxies are quite valuable and are bought and sold in chat rooms and elsewhere on the Internet. This is largely because open proxies allow individuals to access the Internet through a remote system's IP address. For professional spammers, this sort of anonymous Internet access is a must. It makes it difficult for law enforcement to track the vast quantities of messages spammers send back to their sources.

Large open-proxy networks also help spammers get their messages out faster than sending them through one or two systems. In 2003, email security company MessageLabs found that two-thirds of the spam being circulated on the Internet was relayed through the use of open proxies. Spammers use viruses for more than just creating open proxies. They use viral code to collect active email addresses, too. In the past, spammers bought CDs containing both valid and invalid email addresses, taking their chances that a profitable percentage would be live. But now spammers can infect computers worldwide with viruses that will send hundreds of thousands of active email addresses back to the spammer within hours, then turn around and start flooding those addresses with spam.

MessageLabs predicts that spam will account for more than 70 percent of email traffic by April of 2004. Given that current anti-spam legislation is largely ineffective, the onus will continue to be on us to protect ourselves.

Prevention

What to do? Fortify yourself, of course, as we've been saying throughout 2003 and will continue to say in 2004. In addition to running a good anti-virus/firewall combination, such as Trend Micro's PC-cillin Internet Security 11, on your system, we recommend installing a good spam blocker, such as Norton AntiSpam 2004 (included in Norton Internet Security 2004) or Qurb. The antivirus/firewall program will keep your desktop from sending out spam without your knowledge, while the anti-spam application will help shield you from the onslaught of unsolicited, incoming mail.

We'd love to be able to promise you that 2004 will see the end of email viruses and spam. Unfortunately, we expect to see even more.

But there is hope. In 2004, Microsoft will start rolling out changes to its Windows Server platform that the software giant says will limit the growth of spam. And by the end of 2004, companies participating in the US government's National Strategy to Secure Cyberspace are expected to make recommendations on how to limit the growth of viruses and Trojan horses, among other Internet maladies. It may be a little late, but better late than never, right? Hopefully we'll have better news for you in 2005.

Related articles

• 
• 
• 
•