© 1995-2008 Symantec Corporation.
All rights reserved.

Viruses that can cost you

They spread at a dazzling speed, attack in various ways and behave as if they were endowed with artificial intelligence. Today's viruses cause damage estimated at millions of dollars each year.

According to some surveys, more than 7,000 new viruses were discovered in 2003. 7,000 relatively virulent malicious codes have been added to the big viral family that is said to number close to 80,000 members today. This odd "family" keeps growing and inventing new techniques to wreak more havoc. Today's viruses have very little in common with their forbears of the days of viral infection through floppy disk. They spread at a dazzling speed, attack in various ways, behave as if they were endowed with artificial intelligence, and affect a much wider public.

The damages they cause are different too: whereas yesterday's viruses mostly tried to damage or delete files, today's viruses have other goals. Some behave like hackers in order to steal information, attack a Web site or server or even to jam the World Wide Web. They sometimes cause damage far more serious than the mere loss of a file. There are different estimates as to the scale of the damages caused by these viruses. Some consulting groups, like London-based Mi2g, estimate damages caused by viruses like Sobig or Klez in the billions of dollars. As for the FBI, which had been spearheading the survey of cyber-crimes in the last few years, it prefers putting forward a more conservative estimate. According to the federal bureau, viruses have caused 27 million dollars worth of damages in 2003. This represents a huge blow to personal and corporate budgets. Here's a flashback of the recent years' most lethal viruses.

Klez, Bugbear and Sobig: anti-virus hijackers and killers

In 2001, users got acquainted with a virus that shattered all their convictions: the numerous variants of the Klez virus seemed to be emanating from secure workstations and the apparent senders were adamant that they had nothing to do with its propagation. Still active and considered a level 3 risk (average), Klez fools its victims as to the infection source by usurping the users' e-mail addresses. But it resorts to other tricks: it randomly chooses a document in the infected computer and e-mails it to the entire address book. The victim's private correspondence, family pictures, or work documents end up circulating on the Web. Klez then deactivates the anti-viruses and other security software in order to make its eradication impossible. The virus managed to infect 80,000 users in 30 days. The exact amount of the damages is yet unknown but estimated in the millions of dollars.

  • Damages caused by the Klez virus: Loss of privacy due to the victim's computer sending a confidential document, network jamming due to mass e-mailing, etc. The U.S. State Department and the 23,000 persons on its traveler's alert mailing list learned it the hard way in May 2002: the virus sent infected documents to all the State Department's newsletter subscribers.

Released in June 2003, Bugbear spreads in a similar way to Klez (using an e-mail containing an infected attachment, IP spoofing, etc.). It affected more than 100,000 users worldwide in a few months. In the United States, it has even become a big issue: the FBI has received warnings regarding banking piracy, as the virus mostly targets the banks' e-mail addresses. Bugbear is still graded as a level 4 risk (severe) by Symantec. Behaving like a hacker, it installs a Trojan horse in order to monitor the user's keystrokes.

  • Damages caused by the Bugbear virus: Theft of confidential information such as passwords or credit card numbers through the monitoring of keystrokes.

But neither of these two viruses could measure up to Sobig in terms of the extent of the damages. According to the London-based Mi2g consulting group, this virus, which also spreads via e-mail and infected attachments, has caused damages that are estimated between 500 million and 1 billion dollars. The reason behind this outrageous cost: the jamming of networks via mass spam (unsolicited e-mail) sent by the virus. On Aug 23, 2003 Sobig accounted for one out of 16 messages sent on the Internet! To guard against these threats, users should remain on the lookout for these suspicious attachments and run them against an updated anti-virus scanner.

  • Damages caused by the Sobig virus: Network jamming and outage. The system destabilization caused train delays in the United States, bank shutdowns in Norway and Internet connection interruption in Singapore.

Nimda, Code Red, Blaster: so many threats for the networks

The Nimda and Code Red viruses made headlines during the summer of 2001. They took advantage of some known weaknesses of the Internet Information Server (IIS) and Microsoft's Internet Explorer. Nimda spread through e-mail and the networks in a record amount of time: more than two million computers were infected in only 24 hours. Corruption of Web sites, opening of shared drives, jamming of e-mail servers, launching of denial-of-service attacks... According to a survey conducted by Computer Economics, Nimda's nuisances have cost users and companies more than 10 billion dollars worldwide. On the other hand, its "brother" Code Red has caused damages estimated at 2 billion dollars.

  • Damages caused by the Nimda and Code Red viruses: Nimda caused numerous malfunctions by jamming networks and companies' servers. In September 2001, the Japanese ministry of agriculture experienced a general failure of its information system. Yellowworld, the Swiss Postal Service portal, had to stop its payment processes.

With the advent of broadband, users who hadn't updated their antivirus system found themselves exposed to Blaster type viruses last August. The virus breaks into computers via TCP port 135 by taking advantage of a Microsoft weakness. Still active and graded as a level 3 risk (average) by Symantec, it uses the infected computer to launch DoS (Denial of Service) attacks against the WindowsUpdate site. These actions may destabilize the system and cause untimely rebooting. According to Mi2g, Blaster has infected more than 300,000 computers in 24 hours and caused 525 million dollars worth of damages.

  • Damages caused by the Blaster virus: Blaster's attacks have affected the U.S. government computers. The virus has also caused the malfunction of Air Canada's check-in system and power outages in Ohio.

In order to avoid malicious codes that spread via computer networks, it is imperative that users update their software. Most of these threats exploit known security weaknesses. Firewalls remain the best tool to block them.
