Data Show Hackers And Virus Writers Took
Some Time Off In December
by Donna Howell, © 2002 Investor's
Monday, 14th January 2002 - Did hackers and virus writers take off
for the holidays? Some attack trackers saw an absence of malice last month.
Others trace a lull to Sept. 11. But 2002 isn't likely to stay calm.
Data released Friday show that overall, security incidents are more than
doubling yearly. Last year, 52,658 incident reports came in to the CERT Coordination
Center at Carnegie Mellon University in Pittsburgh. That's almost 2 1/2 times
the incidents of 2000. This is the third year in a row the number more than
doubled. Yet some sense that all things considered, December bucked a trend.
Of recent years, "this is the least busy December," said Bill Wall, chief
security engineer at Harris Corp. in Melbourne, Fla. Wall has tracked computer
attacks and viruses for decades. He says hacking and virus activity often
spikes during and just after the December holidays, plus in summer. That's
when student hackers "have time on their hands or can get university computers."
Last month, Wall saw the fewest hacking attempts since perhaps the early 1990s.
"As I look at port scanning (hackers' probing for entry points) on our Web
sites and others," he said, "people just aren't rattling the doors." Nor,
others say, are viruses and worms running quite so rampant.
"There's a definite lull from Sept. 11, except the week after," said Alan
Paller, research director at the SANS Institute, a Bethesda, Md., computer
security think tank. The Nimda worm hit the week of Sept. 17. It caused $635
million in losses, says research firm Computer Economics Inc. "We haven't
had a substantial one like that in months," said Paller. "It feels quieter."
Data kept by British security firm mi2g Ltd show Web site defacement also
dropped in September. Some hackers may have simply been "too
busy following events" to launch attacks, said Chief Executive
D.K. Matai. Also, a new U.S. anti-terror law may have deterred them. "It
pretty much equated hacking to terrorism, and that equated to a lull,"
said Matai. Yet during 2001, defacements rose fourfold to nearly 30,400.
Was there really a lull in viruses? It depends on one's point of view. There
may have been no big new threats after Nimda to bother researchers. But computer
users found that the Nimda worm didn't go away. It made December 10 times
worse than June in virus incidence.
Online scans by anti-virus firm Trend Micro Inc. found 862,000 machines
infected with Nimda in December, down from 1.7 million in September. Taken
in total, 2001 was no security picnic. "We did see more activity," said Chad
Dougherty, a CERT Internet security analyst. "Both the Code Red and Nimda
worms were particularly large." They're the first that "involved hundreds
of thousands of machines," Dougherty said. "These are new levels of scope
for one particular piece of malicious code," he said. "Even outside the worm
incidents, we still saw an increase" in security problems. Don't expect a
lull this year, either.
"There's nothing to indicate to us this level of activity won't at least
remain constant, if not increase," said Dougherty. "Awareness of computer
security issues is pretty much still coming around."