X

Study: Viruses plaguing corporations

A new survey finds that between January 2000 and August 2001, the tally of virus attacks continued to grow. The good news: Companies appear to be taking security more seriously.

Margaret Kane Former Staff writer, CNET News
Margaret is a former news editor for CNET News, based in the Boston bureau.
See full bio
Margaret Kane
2 min read
Viruses continue to swarm U.S. corporations, with roughly 1.2 million incidents occurring in a 20-month period, according to a new study.

ICSA Labs, a division of security-services company TruSecure, surveyed 200 organizations between January 2000 and August 2001 as part of a regular survey sponsored by Gantz-Wiley Research, Network Associates, Panda Software and Symantec Corporation.

The attacks work out to about 113 encounters per 1,000 machines per month. It's a figure that's been growing around 20 encounters per 1,000 machines per month since ICSA began taking the survey in 1996.

Twenty-eight percent of companies were hit with a virus "disaster," which affects 25 or more servers or PCs. That figure is down from 51 percent in the 2000 survey, but officials said it could be a factor of timing.

The study was taken shortly before the Nimda virus hit worldwide, and around 62 percent of responses had already been filed, said Larry Birdwell, content security programs manager at ICSA and a co-author of the study.

Although e-mail is one of the main vectors of viruses and other attacks, new technologies are fast becoming a threat, Birdwell said.

Nimda, for instance, used four different methods to infect PCs running Windows 95, 98, Me and 2000, as well as servers running Windows 2000. The worm spreads by sending e-mail messages with infected attachments and then scanning for and infecting vulnerable Web servers.

"New technologies bring new types of problems," Birdwell said. "It's sort of like a wave: They come in gradually, go up exponentially, and then reach a peak to where (the antivirus industry) can take care of them. But just like the waves in the Pacific, there's always another one behind them."

The study found at least one good sign: Corporations appear to be taking protection more seriously.

In last year's study, almost all respondents reported incomplete or no protection for network services such as firewalls, proxy servers and e-mail servers. But this year, 84 percent of respondents said they have protected all their e-mail servers, 51 percent said they have protected their firewalls, and 45 percent said they have antivirus protection on their proxy servers.