Computerworld

Report: Bugbear, Sobig top viruses so far in 2003

The Bugbear and Sobig viruses top a list of the most frequently occurring viruses of 2003, according to a report put out by antivirus company Sophos PLC.

A total of 3,855 new viruses were introduced in the first half of this year, according to Sophos, an increase of 17.5 percent over the same time last year.

The growth of the Internet, coupled with the wider availability of virus-writing tools, is driving this increase, according to Sophos Senior Security Analyst Chris Belthoff. Many of the virus authors appear to be operating in countries that do not have antivirus laws on the books, he added.

More than half of the viruses that Sophos tracked in 2003 appear to have emerged from Eastern Europe or the Pacific Rim, Belthoff said. "These people are probably of a mindset that they're untouchable under the law," he said.

A greater number of viruses, however, does not necessarily translate into a greater headache for network managers, according to one user. "From a corporate standpoint, the greatest concern that I have is not so much a new virus that's based on an existing virus, it's a new virus using an exploit that, up until now, has not been widely attacked," said Rob Buchwald, a security manager with North Olmsted, Ohio's Moen Inc.

Unfortunately, 2003 has seen its fair share of new exploits, including Bugbear and Sobig, which respectively accounted for more than 14 and 18 percent of the inquiries to Sophos's technical support department through June of this year.

"The Bugbear virus was a pretty complicated virus in terms of what it did and the methods it used to spread," said Belthoff. Bugbear would change its appearance, which made it hard for antivirus software vendors to identify it, and it also appeared to target specific companies, he added. "A lot of things in the Bugbear virus were pretty malicious," he said.

Sobig also represents a new direction for virus makers, said Mark Sunner, the chief technical officer of email security company MessageLabs Ltd. "We're now seeing virus technology used by the spam community," he said. Sobig installs a trojan-type virus on any infected machine that could eventually be used as a spam relay point, Sunner said. Infected machines are "effectively waiting for the spammer to come along and connect to them and use the machines for whatever they want," he explained.

The percentage of virus-infected email intercepted by MessageLabs' software had increased by 13.6 percent in the last month, Sunner said.

Sophos declared Avril Lavigne the "virus celebrity of the year so far," thanks to the appearance of two variations of the Avril virus on the company's top ten list. The virus contains a wide range of attachments with names like "AvrilSmiles.exe," prompting the many fans of Lavigne's music to launch the virus.

Avril accounted for over 5 percent of Sophos's customer inquiries, the company said.

The top ten viruses on Sophos's list were, in order of prevalence, Bugbear-B, Sobig-C, Klez-H, Sobig-B, Sobig-A, Avril-B, Bugbear-A, Avril-A, Fizzer-A, and Yaha-E.