Despite fears of an online "cyberwar" triggered by the war in Iraq, reports of computer virus activity reached a new low in April, claimed anti-virus vendors.
Poor security policies and practices amongst corporates are a bigger concern for the spread of worms or viruses than cyber terrorism, the vendors claimed.
Trend Micro issued a mere eight low-level alert advisories in April, the fewest of any month this year and down from 22 in March.
The vendor claimed the "so-called 'cyberwar'" had run its course before the actual fighting ended in mid-April. No major attacks on the Internet infrastructure or significant disruptions of Internet traffic were reported. The only incident was "little more than an outbreak of 'cyber-graffiti'".
Although hacker activity escalated with the onset of war in March, the attacks were generally minor, low-tech exploits such as defacing web pages, along with a few denial of service (DoS) attacks.
Arguably the most prominent example of an organisation that fell victim to this type of cyber activism was the Kuwait-based media organisation Al-Jazeera. In March, a pro-US cyber vandal hacked into Internet routers and placed a 'redirect' for the Arabic and English pages of Al-Jazeera's Web site. Visitors were reportedly sent instead to a site displaying a US flag and a pro-US slogan. Since nothing at Al-Jazeera itself had been touched, reports claim all it took was a removal of the 'redirect' and all was well again within hours.
Managed services architect at Trend Micro Australia, Andrew Gordon, speculated that the lull was due to script kiddies and virus writers being hooked into watching political events over the past month. Gordon added that the vendor sees a lot of activity around the European and US school holiday periods. However, some viruses that have been out for some time, such as the Lovegate worm and Funlove, which rated first and second respectively in terms of activity, are still causing problems for corporates.
"The main thing we are still witnessing is that the slow burners are still causing problems," Gordon said. "All you need is one machine in a corporate, that is forgotten about and sitting in a corner with cobwebs on it, still punching out malicious code. Corporates are still cleaning infections but are not totally eradicating it because they find it hard to find where the attack is originating."
Virus writers unleashed several very minor threats supposedly related to the war in Iraq, according to Trend Micro. The latest one, VBS_LISA.A, arrived on April 1. Trend Micro said subsequent new threats in April resorted to a variety of "social engineering" tricks, none too successfully.
Head of technology at Sophos Asia Pacific, Paul Ducklin, agreed that virus writers tend to capitalise on the war in Iraq, or any other event that is of global interest, to create viruses designed to attract people to open an attachment regardless of whether it is from an unknown source. Ducklin cited the example of the Ganda virus, spread by email with claims that it contains photos over Iraq taken by US spy satellites.
"When there are events of national or international importance, some users let their security guard down, and become more inclined to accept and look at emails that they would at other times simply delete without reading," he said.
A bigger concern, according to Ducklin, is changing the attitude and culture of users to automatically not open attachments, and getting businesses to update their anti-virus software.
Sophos released its latest monthly chart of the ten most frequently occurring viruses and hoaxes in April. Klez topped the list for the fifteenth consecutive month.
"Klez shouldn't be a problem any more, but it is, which suggests that people need to shift their attitudes to computer security, as well as just buying technology which can detect it," Ducklin said.
"All good, and even most bad, anti-virus software can detect Klez, and yet it is still at number one," Ducklin said. "This shows it's necessary to change the attitude and practices in security."