North America leads world in spam

December 8, 2004

Top computer viruses of 2004 reported

Inman News

Sophos, an anti-virus, anti-spam and policy-based network security provider, reports today that the top threats affecting computer users in 2004 were on average more inventive, with nastier repercussions. From the virus front, Netsky-P worm, which was first seen in March, has accounted for almost a quarter of all virus incidents reported, making it the hardest hitting virus of 2004, the company said.

Meanwhile, North America, particularly the United States, continued to contribute the most to worldwide spam, with nearly 48 percent of all spam being sent from North American computers during 2004.

"Unfortunately, in 2004, we saw increased collaboration among cybercriminals through organized crime rings and collusion between virus writers and spammers," said Gregg Mastoras, senior security analyst at Sophos Inc.

"In 2004, we also saw financial motivation become the driving force behind spam and viruses. In response, legislators and the software community both increased attention on the problem. As the criminals use their ingenuity to get past our safeguards, we as a community must use ours to improve technology, increase user awareness and reduce the profitability of their ventures," Mastoras added.

Sophos's worldwide network of virus and spam labs have identified a number of new trends in 2004. Sophos researchers have identified 10,724 new viruses so far in 2004, a 51.8 percent increase in the number of new viruses, bringing the total viruses in existence to 97,535.

Of these, Netsky variants accounted for 41.6 percent of all viruses reported to Sophos, capturing an unprecedented five of the top 10 slots on this year's top 10 round-up. The top 10 viruses of the year are as follows:

  1. W32/Netsky-P, accounting for 22.6 percent of all viruses, first seen in March 2004.
  2. W32/Zafi-B, accounting for 18.8 percent of all viruses, first seen in June 2004.
  3. W32/Sasser, accounting for 14.2 percent of all viruses, first seen in May 2004.
  4. W32/Netsky-B, accounting for 7.4 percent of all viruses, first seen in Feburary 2004.
  5. W32/Netsky-D, accounting for 6.1 percent of all viruses, first seen in March 2004.
  6. W32/Netsky-Z, accounting for 3.7 percent of all viruses, first seen in April 2004.
  7. W32/MyDoom-A, accounting for 2.4 percent of all viruses, first seen in January 2004.
  8. W32/Sober-I, accounting for 1.9 percent of all viruses, first seen in November 2004.
  9. W32/Netsky-C, accounting for 1.8 percent of all viruses, first seen in May 2004.
  10. W32/Bagle-AA, accounting for 1.6 percent of all viruses, first seen in April 2004.

    *"Others" accounted for 19.5 percent of all viruses.

German teenager Sven Jaschan, who wrote both the Netsky and Sasser worms, is responsible for more than 55 percent of all virus reports in 2004, according to Sophos.

Jaschan was apprehended and confessed to his involvement in May 2004, but his worms continue to spread. In November 2004, eight months since its original discovery in March, Jaschan's Netsky-P worm was still the world's most widely reported virus.

Mobile viruses continue to pose minimal threat to the enterprise, despite an increase in "proof-of-concept" experiments.

2004 Spam World

The United States continues to lead the world in spam, accounting for more than two of every five spam e-mails.

Despite CAN-SPAM legislation and the Operation Web Snare crackdown in August, where the Department of Justice arrested more than 150 people in connection with online computer crimes, U.S. computers originated more than 42 percent of all spam, more than three times the amount from the second largest spamming country, South Korea.

The top 10 spamming countries in order were the U.S., South Korea, China (and Hong Kong), Canada, Brazil, Japan, France, Spain, United Kingdom and Germany.

Spammers on average change their domain every two days now, as compared to every week three months ago, according to Sophos.

In 2004, spammers became more inventive using new obfuscation techniques, rotating domain names and hiding their domain owner information. In the past 12 months, the speed at which they use new techniques has gone from weeks and days to hours and minutes - soon it will be seconds. This accelerated spam activity now requires constant spam operations with analysis and research at every hour of the day.

A number of new spam campaigns made their debut in 2004, widening the content beyond the typical prescription drug and mortgage application e-mails, Sophos reported.

According to the Anti-Phishing Working Group, in October alone, phishing campaigns hijacked more than 44 brands worldwide. Phishing occurs when people send fraudulent e-mails that pretend to be from a bank or company the recipient does business with in an attempt to dupe them into giving up private information.

Copyright 2004 Inman News

Contact ALTA at 202-296-3671 or