2003: Year of the Worm?

Digital attacks, including worms and viruses, have caused more than $8 billion in damages worldwide in January 2003, with the Slammer virus alone costing about $1 billion, according to a report by U.K.-based security company mi2g Ltd.

January attacks are at a record level, numbering close to 20,000 in just the first month of a year that analysts predict will see a widespread increase in security incidents.

At the present growth rate, 2003 is likely to be hit with more than 180,000 digital attacks worldwide, according to mi2g’s estimates, putting economic damage between $80 and $100 billion for the whole year. That’s a big leap from 2002’s numbers, which rang in at 87,525.

The Slammer malware [define] attack, which slowed or halted email, business and even ATM transactions around the globe arrived in South East Asia on January 25th and accounted for damages of $945 million to $1.15 billion, according to analysts at mi2g. This makes Slammer the ninth most-destructive worm or virus on record, mi2g said.

“Slammer’s impact on emergency services, the Internet backbone, airlines and financial services was short-lived but remarkable given the absence of any destructive payload,” says DK Matai, chairman and CEO of the security firm. “In the next few months Slammer variants could emerge which are capable of being used in a blended threat scenario alongside physical attacks by radicals. This could achieve a significant multiplier effect given the dependence and demonstrable lack of preparedness of the globally networked society.”

Slammer, widely seen as an omen of worms to come this year, wreaked havoc for three days from Europe to North America and Asia, and was quelled after network and security administrators around the globe installed the necessary patch that closed the hole the worm was crawling through.

Steven Sundermeier product manager at Central Command, Inc. comments on the widespread attack: “Despite the abundance of new and fast spreading Internet worms arriving via email in January, the most noteworthy worm was W32/SQL.Slammer.A, a fileless worm that targets Microsoft SQL 2000 Servers. It marked the first re-appearance of this type of worm since CODERED back in 2001. In just a matter of hours this small worm, traveling through UDP port 1434, impacted tens of thousands of vulnerable servers and was directly attributed to the Internet slow-down the morning of Saturday, January 25, 2003.”

Microsoft released a patch for the known vulnerability in it’s SQL 2000 Web servers last summer, but obviously many companies and home users failed to install the patch, leaving their systems open for attack. The worm, which doesn’t damage the infected machine or delete or change files, generates massive amounts of network packets, overloading servers and routers, slowing down network traffic – sometimes bringing it to a complete stop under the weight of the attack.

The report from mi2g noted that Slammer interfered with emergency telephone systems, and disrupted five of the 13 root DNS servers, online airline ticketing systems, and credit card and ATM services.

Security analysts say they are not expecting any further spikes caused by the Slammer worm. Various governments, which reportedly include the U.S. and South Korea, are now tracking down whoever released the worm in the wild. Initial investigations are pointing to the worm originating in China.

mi2g found that the top three countries attacked by hackers in January 2002 were in the Far East: China, South Korea and Malaysia. Excluding malware attacks, the main targets for January 2003 have all been in the West: U.S., UK and Germany.

Top 10 Attacked Governments
Rank Country Attacks
1. Brazil 47
2. China 22
3. Taiwan 19
4. United States 17
5. Argentina 6
6. Australia 6
7. United Kingdom 6
8. Turkey 5
9. Egypt 4
10. Costa Rica 3
Source: mi2g

Sundermeier echoed mi2g’s foreboding: “If the month of January is any sign of the year to come, we could be in for a very long year. It was definitely be a month to remember as we have never had so many new entries fill our top twelve slots.”

January 2003 Dirty Dozen
Rank Virus Percentage
1. Worm/Klez.E (incl. G variant) 27.2 percent
2. W32/Yaha.E 17.7 percent
3. Worm/Sobig.A 11.9 percent
4. Worm/Avril.A 10.8 percent
5. Worm/Yaha.M2 7.4 percent
6. Worm/Avril.B 6.0 percent
7. Worm/Bugbear 2.3 percent
8. Worm/Sircam.C 1.4 percent
9. W32/Elkern.C 1.3 percent
10. W32/Funlove 0.6 percent
11. W32/Nimda 0.5 percent
12. Worm/Opasoft 0.4 percent
Others 12.5 percent
Note: The table represents the most prevalent viruses for January 2003, number one being the most frequent.
Source: Central Command

Related reading