For many, August means summer vacations and watermelon, not desperate struggles with newly emerging viruses and other types of malware. For IT folk, however, summer heat and security threats go hand in hand.
“August is a big month for viruses. We know when all the big viruses have gone out in the last fifteen years, and a lot of those were in August,” said Eric Yoshizuru, product manager at Panda Software, a security solutions company based in Glendale, Calif. “In the summer period, a lot of people, including IT administrators, are on vacation, and companies have their guard down a bit.”
Historically, August has been a popular month for viruses, Yoshizuru said.
For example, the Sircam and CodeRed worms were released in August 2001. In August 2003, computers were brought down by the Mimail, Blaster, SObig.F and Nachi.A viruses. Last summer, security alerts included the Bagle.AH, Mydoom.N and Bagle.AM viruses.
The August trend continued this summer as well. Just this month, the Zotob and IRBCBot worms, which exploited a plug-and-play vulnerability in Windows 2000 and XP, made headlines.
“We have seen an increase in activity this August,” said David Bove, director of spyware research at Sunbelt Software, a security and antispyware and antispam software developer in Clearwater, Fla. “It seems that more threats have been released.”
In addition, many virus and spyware developers are becoming more focused in their attempts at infiltrating systems. “I would say there is a trend toward more targeted attacks,” said Yoshizuru, adding that some recent viruses have been focused on a specific company or vertical (such as financial institutions).
These attacks can net the personal information from thousands or even millions of individuals, rather than gathering data from one person at a time. For example, the recent Zotob and IRBCBot worms, which allowed outsiders to take control of PCs within organizations affected such large media outlets as CNN, ABC and The New York Times.
Instead of sheer mischief, script developers are hoping to make money.
Click here to read more on VARs’ role in protecting clients in: The Double-edged Sword of Technology and Security
“The motivation behind the attacks has been changing,” said Yoshizuru. “Rather than trying to get their fifteen minutes of fame, these [script writers] are moving toward organized crime and are taking advantage of the opportunity to make money.”
Companies are poised to spend on protection against virus and spyware threats, analyst report.
Last February, Forrester Research reported that 65 percent of businesses, both big and small, said that they plan to spend on malware protection in 2005.
The Cambridge, Mass.-based research firm polled 185 North American companies and found that 69 percent of large enterprises planned on buying antispyware tools, while 53 percent of small-to-medium-sized businesses were planning to invest in protection.
Meanwhile, the Radicati Group, a Palo Alto, Calif.-based research firm, found that the installed base of the corporate anti-spyware market will increase from 16 million seats in 2005, to over 540 million seats in 2009.
High cost of dealing with spyware
In part, this is because they are realizing that the cost of with these threats is high. For example, a report released by the Radicati Group in June reported the cost of dealing with spyware-infected computers will reach about $265 per user in 2005.
“The cost of an attack is extremely high, especially because the whole reputation of a company can be on the line,” said Yoshizuru.
Resellers also are keenly aware of the need for vigilance against these threats, and the confusion that besets many companies. “From our channel partners, we know that security is hot topic,” said Yoshizuru. “It is confusing because there are so many vendors and technologies out there, and companies are trying to make sense of it.”
The role of the channel is increasingly critical, particularly since threats are emerging more quickly than ever. “Typically, there is a lag time between when a vulnerability is discovered and a virus is created,” said Yoshizuru. “There’s a lot of talk about a zero day attack, in which a virus is written the same day that a vulnerability is discovered. That’s more of theory right now, but the trend is pointing toward it.”
Security vendors are standing in line to recruit VARs to sell their products and servicesClick here to read more.
In 2001, there was a 330 day lag, between when the Nimda worm was discovered and the virus was released, Yoshizuru said. In 2003, the MSBlast virus lagged by only 128 days.
The Zotob attack of earlier this month was launched only five days after the security hole was discovered. “We are getting closer to zero days, and that puts a lot of pressure on IT people,” Yoshizuru added.
As these threats increase, the channel has the potential to play a key role in educating customers, particularly small to medium businesses, about these emerging threats. “For bigger institutions, the awareness is very high, but for small to medium sized businesses it is much lower,” said Yoshizuru. “It is important that VARs educate customers and to be educated themselves.”
VARs can also help existing customers by providing up to date information about newly emerging threats. “Resellers are really taking these issues to heart,” said Bove. “The key for the VARs is to let customers know that these threats exist and to stay in communication with them. If they pass along news about threats, they kept it top of mind for those companies.”
Crossroads Business Solutions, a VAR based in Indianapolis, regularly emails tech tips about viruses and other threats to its customers. “We want to convince them that the cost of prevention is less than the cost of cleanup and lost time,” said Robert Green, president.
Today, as attacks become more sophisticated, VARs must step up to help customers choose multiple products and technologies to create a comprehensive security solution. “The attacks we are seeing are so sophisticated that it is necessary to use multiple types of technology, since no one solution would be able to stop it,” said Yoshizuru, adding that role of the VAR is to point to a combination of solutions that can close the security gap.
Customers often look to resellers to analyze the various security software options and recommend a combination of solutions to meet their needs, said Green. “We are not finding any one solution that is a silver bullet,” he says.
Hailey Lynne McKeefry, a partner in professionalink.biz, is a free-lance writer who specializes in technology and channel issues.