Survey shows fewer, costlier viruses

IDG News Service - The growth of malicious code slowed between July 2001 and the end of last year, but new viruses pose a more constant threat and last longer than in previous years, a new survey has found.
The Virus Prevalence Survey was conducted by ICSA Labs, an independent division of TruSecure Corp., based in Herndon, Va. ICSA Labs gathered information from 306 medium- and large-sized companies and government agencies. The purpose of the survey was to understand trends on the prevalence of viruses and malicious code on computer networks. The survey covered more than 900,000 computer desktops, servers and gateways, according to TruSecure.
More than 1.2 million incidents involving viruses or malicious code were recorded during the course of the survey, which translates to 113 virus encounters a month for every 1,000 machines on a network during the 18 months covered by the survey.
Infections had grown to a rate of about 12 virus encounters per 1000 machines each year since the survey began in 1996. However, between 2001 and 2002, that growth was considerably slower than in previous years, increasing by only two encounters per 1,000 machines, the survey found.
ICSA also noted a decrease in the number of companies reporting a virus "disaster" during the survey period. Eighty percent said they had experienced a virus disaster, down from 84% in the ICSA's last survey. ICSA attributed that decrease, in part, to the absence of a massive virus outbreak along the lines of the Code Red or Klez viruses in previous years.
Viruses were a more constant threat in the period covered by the survey than in previous years. The average rate of infections per month was higher than in previous years and the threat of incidents remained at a higher level throughout the period covered by the survey, ICSA said.
Despite the slowdown in the growth of new viruses and the absence of a Code Red-style outbreak, the viruses that circulated appeared to have more staying power than those in previous years, according to ICSA.
The prevalence of mass mailing viruses and Internet worms account for the increase in durability. Those virus types are harder to remove, even after virus definitions are available.
As a result, new variants of the Klez worm linger on networks rather than spiking shortly after they are introduced, then quickly dying out, ICSA said.
The cost of cleaning up after a virus infection also rose in the period covered by the survey. On average, 23 staff days were required for virus disaster recovery, up from 20 days in ICSA's last survey. The average cost to companies was $81,000, compared with $69,000 in the last survey, ICSA said.
The world may be witnessing a transition from an older generation of viruses and worms to a new one, the company said. New virus types, expanded connectivity and the spread of wireless devices mean that infection rates will likely grow in the future, ICSA said.
To protect themselves, corporations should adopt holistic protection philosophies that supplement antivirus technology with e-mail gateway filtering and controls on desktop applications and Web browsers.
Complementing identity-based antivirus screening with more flexible antivirus technology will also help defend against the next generation of Internet viruses, ICSA said.