Opinion: Troubled Times for E-mail

A quick glance at MessageLabs' end-of-year statistics on virus activity, and an impression that's been growing since the summer gets sharper.

We've reached a tipping point with viruses, and it's a very bad place to be.

It used to be that the bulk of virus e-mails were intended to be merely annoying. An appropriate way to think about the virus/worm author was the teenage tinkerer seeing what kind of trouble he could stir up. Damage estimates were measured in downtime and theoretical lost productivity from some hypothetical nirvana of 100 percent worker productivity. Sure, there were more serious types out there, actively after your digitally stored assets, but they tended to use lower-profile, smarter means to attack systems.

The Sobig.F worm changed that in a big way. As the fastest-spreading worm to date, Sobig.F became spam-like in the way it flooded users' inboxes with hundreds of messages. For the record, MessageLabs, a security vendor and e-mail hoster, reports that Sobig.F was the most common e-mail infection of 2003, with 32 million Sobig.F mails intercepted. The No. 2 infected e-mail, Swen.A, was way, way down at 4.1 million. (See table below.)

But Sobig.F was more than similar to spam. It appears to have been designed to turn infected PCs into spam-relay engines, MessageLabs notes. Is it a coincidence that spam boomed in 2003? The overall ratio of spam to e-mail for the year leapt from one in 11 for 2002 to one in 2.5 this year. MessageLabs also reports that more than 66 percent of spam was sent through hijacked computers.

The flood of spam sent through hijacked computers, many of them consumer systems with broadband connections, is leading to serious questions about the future of e-mail. Perhaps nothing illustrates the general frustration with spam as well as a survey done for Symantec of 500 small businesses. About 42 percent of the respondents said they would consider abandoning e-mail for business correspondence if the spam situation worsened. While the idea probably never occurred to most of the respondents before being presented with it in the survey, the fact that they didn't dismiss it out of hand is sobering. (View Symantec's discussion of the survey here.)

There is reason to suspect the Sobig author of aiming for more than the disruption of the e-mail system. By creating an open proxy network for spam relays, the virus author had an asset to sell to spammers, or possibly a network to hand over to the bosses at a spamming organization. Consider this: The Sobig e-mails each expired after a set time, and each expiration date was followed immediately by a new variant of the malware. When Sobig.F spread like a wildfire in high wind, the spam-relay network would have been in place and probably would have been much wider than the author could have hoped. If the author was out to wreak havoc rather than chase profits, why not take the lessons learned from Sobig.F and plow them into a Sobig.G?

This leaves us with a new model for the virus/worm author -- somebody with a profit motive. It's evident in another blockbuster worm of 2003. Mimail is the one with the variant asking PayPal customers to update billing information, including credit card numbers and expiration dates.

These are two pretty strong examples that profit motive, rather than notoriety, is becoming the driver for authors of viruses that erupt into mass outbreaks. Market forces being what they are, we should expect competition to drive virus writing to new heights in 2004.

Following is MessageLabs' tally of virus e-mails it had stopped by Dec. 1:

  1. W32/Sobig.F-mm -- 32,432,730
  2. W32/Swen.A-mm -- 4,184,129
  3. W32/Klez.H-mm -- 4,006,766
  4. W32/Yaha.E-mm -- 1,920,424
  5. W32/Dumaru.A-mm -- 1,129,061
  6. W32/Mimail.A-mm -- 1,052,481
  7. W32/Yaha.M-mm -- 862,682
  8. W32/Sobig.A-mm -- 842,729
  9. W32/BugBear.B-mm -- 814,865
  10. W32/SirCam.A-mm -- 511,578

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

