
2001: A Security Odyssey; F-Secure Recalls the Most Challenging Year Ever for Data Security

Business Wire, Dec 18, 2001

Business/Technology Editors

SAN JOSE, Calif.--(BUSINESS WIRE)--Dec. 18, 2001

Experts agree that the year 2001 was the most active year for computer-related crime so far. From traditional viruses to complex network worms, the year 2001 was, to paraphrase Arthur C. Clarke, "a security odyssey," said Mikko Hypponen, Manager of Anti-Virus Research at F-Secure Corporation.

One of the central themes of 2001 was the rapid evolution of the malicious code threat. Many of the new computer virus types seen during 2001 were using hacking techniques such as exploiting known security vulnerabilities. Worms such as Code Red are difficult to stop with traditional anti-virus solutions, because they never infect files, said Hypponen. "To combat these new types of combined hacking and virus attacks, the data security industry needs to combine functionality from traditional anti-virus programs and distributed firewall systems, providing protection against viruses, hacking and the combination of these threats," he explained.

A state of dread among savvy and novice computer users alike, first perceived in the year 2000, was amplified in 2001. Viruses continued to appear at the rate of five per day, according to Hypponen, and by year-end had accumulated to 59,000.

Nimda worm

Perhaps most notorious for its damage and for what it portends was the mass-mailing Nimda worm, the first Internet malware that actually took over websites in order to proliferate. Spread by four different methods, Nimda infected 2.5 million computers, taking just one day to infect local area networks and individual desktops globally.

"We have no idea where Nimda came from," commented Hypponen. "There are references to China inside, but those could be faked." Wherever its origin, he continued, it's likely to have been written by a group of people. "And, to develop and test a worm like Nimda, a testing lab with networks, servers and routers is needed. The size of the investment in both time and money makes one wonder what are the motives driving the creators of viruses like Nimda."

Much of the damage done by Nimda and a later worm called BadTrans was avoidable, in that preventive measures were freely available. In addition to commercial anti-virus products, Microsoft had warned of certain vulnerabilities in its applications, and offered a free patch; but many users were lax in a false sense of security and did not update their systems.

"That's skating on very thin ice," said Hypponen, "and many fell through."

But the world of anti-virus research wasn't without its victories either; both the Dutch author of the Anna Kournikova virus and a group of Israeli teenagers behind the Goner virus were located and apprehended by authorities.

"The only way we can win is by catching these perpetrators and showing the world that virus-writing is a crime which doesn't pay," said Hypponen.

An example of devious craft showed itself in the distribution of viruses and other malware through mailing-list servers. Most members of affinity groups, such as music fan clubs and other opt-in organizations, open the email from those servers because, either consciously or instinctively, they trust the content. In just the first month of testing protective software provided by F-Secure, L-Soft reported stopping more than 100,000 virus attacks on some 630 lists hosted by that company.

Although most of the security problems over 2001 concerned users of Microsoft operating systems, other platforms had their share as well: In January, the first widespread Linux worm, known as Ramen, was found. In May, the Sadmind worm infected hundreds of Solaris-based Unix systems. And in June, Macintosh users had their share of e-mail mass mailing worms with the discovery of the Mac.Simpsons worm.

What lies ahead

Meanwhile, a wave of enthusiasm greeted Nokia's new smart phones and Microsoft's latest PDA platform, Pocket PC 2002. With the proliferation of mobile devices across enterprises, corporate assets ranging from e-mail to confidential financial information instantly become more vulnerable to theft or damage. Pocket PC 2002 and Nokia Communicator herald a whole new generation of wireless devices, many in the hands of end-users, with all the exposure and vulnerability that comes with the territory of such new products.

Anthony Gyursanszky, vice president of F-Secure's Wireless Security Solutions unit, said, "The security risks presented by these devices will multiply in January, as many professionals will bring the PDAs they have received as Christmas gifts into work, and start to place corporate data onto them. This data is then at risk of interception, loss, theft and worse, underlining the need for IT managers to have solutions which cover the entire IT spectrum, with strong encryption and content (anti-virus) security."

Unfortunately, the future looks no brighter, according to Hypponen. Human tendencies persist. And, those who get some diabolical pleasure out of attacking technology continue their destruction at an accelerating pace. In anticipation of continuing activity on this front, F-Secure increased its anti-virus signature updates to twice daily, which is believed to be the most frequent updating in the industry.


 


Content provided in partnership with Thompson Gale