Viruses: are you vulnerable?

Figures are showing an increase in the number of viruses and vulnerabilities, but industry pundits warn that we should take these numbers with a pinch of salt. What is the real cost to organisations?

The number of infected e-mail messages has been on the increase this year. However, while industry pundits are urging caution, they're also advising that it's important to keep the figures in perspective.

The volume of infected e-mail messages has definitely increased, agrees Allan Bell, senior marketing manager at anti-virus software vendor Network Associates.

Bell believes this has been driven, more recently, by the Klez worm.

However, he said that for corporates the issue is not just the volume of viruses but also the number of new threats.

"What often matters to corporates is the number of outbreaks they see - because that's when they have the major impact on their networks and incur costs cleaning up after a virus attack," Bell said.

The increase in the complexity of viruses was also cause for concern, Bell said, such as a virus entering an organisation's network one way, and propagating through other methods once it's inside.

"I think the issue for corporates is the changing nature of the virus threat - what corporates need today is multi-tier protection and multi-technology protection," Bell said.

There was no doubt a small number of viruses were very widespread, said Paul Ducklin, head of global support at anti-virus software vendor Sophos. However, he also urged taking virus prevalence figures based entirely on e-mail screenings with a pinch of salt, because they may count any e-mail containing a virus, even those sent to dead addresses designed to test a screening service.

"Viruses such as Sircam and Klez have stayed in the charts because they exploit bugs in e-mail software which can allow them to activate their attachments when you do nothing more than read your e-mail," Ducklin said. "By the time you have looked [at an e-mail] and decided to delete it as suspicious, it may already be too late."

Kathryn Kerr, threat assistant manager at security organisation AusCERT, said it had recorded an increase of 13 percent in the number of vulnerability bulletins it issued so far this year, compared with the same timeframe in 2001.

However, Kerr said it was also important to bear in mind that each bulletin doesn't necessarily represent a different vulnerability. For example, separate bulletins may be issued if a vulnerability affects various vendors' products.

Kerr said AusCERT monitored newsgroups, vendors' bulletins and other sources for early warnings. "I think you can say an underlying reason why there is increased reporting is a reflection of the fact that we're becoming more dependent on technology," Kerr said.

But she also believes that IT managers need to accept that they need to have change management procedures in place, and to monitor sources to find out about the latest vulnerabilities.

However, Kerr warns that they don't want to get swamped by information either. "They also need to be working out a procedure for physically implementing those patches on systems and documenting those changes," she said.

Although Kerr admits that all this focus on security can mean more work for IT departments, she argues that those that don't take heed of the trend are going to be more vulnerable to attack. "We receive reports from people attacked after a patch is made available, [where] delaying in patching has led to a compromise."
