Symantec has published a list of the top nasties that attacked PC users in 2002. The anti-virus manufacturer ranked the five worst threats faced by computer users in the past year, based on both their volume and impact.
Heading up the list are email threats, which continued to increase in number last year, with over 323 discovered. These bothersome bugs included worms, which are programs or algorithms that replicate themselves over a computer network and can clog up a computer's resources or even shut it down. An example of this type of virus is Lirva.
A similar type of email-based threat is a Trojan, these viruses masquerade as benign programs. While they don't replicate themselves in the same way as worms, they can be equally troublesome, and may even arrive as part of a worm virus, as in the case of Bugbear and Myparty.
Symantec says that the rise in such email threats is the result of both vulnerabilities in email software and a lack of user awareness. It warns that "any content sent … [via email] should be regarded as dangerous until… validated."
These mail bugs have real staying power too, as W95.Hybris.worm proves. It was first unleashed back in 2000, but remains a severe threat three years later, ranking number four in the virus chart last year. Other bugs that just keep doing the rounds include mass mailer worms like W32.Klez.H@mm and W32.Magistr.39921@mm, the latter of which has been at large since 2001.
Symantec anticipates that this problem will only get worse in 2003 as mass mailers become more sophisticated, automatically sending themselves out without the need for a recipient to double-click on the attachment. Instead the code will execute as the message is previewed.
Second in Symantec's top five trouble spots are exposed or incorrectly configured resources. In 2002 it recorded over 50 threats that used open file shares to propagate, so it recommends users put a personal firewall in place to keep intruders out of their PC, and to correctly configure their PC by implementing all authentication features possible.
Number three are peer-to-peer (P2P) and instant message based threats. As P2P services like Kazaa and Morpheus grow in popularity users expose themselves to both the inherent vulnerabilities of such services, and to the risks posed by content downloaded from them. Symantec saw 70 threats in 2002 that relied on P2P and instant messaging to spread, including worms and Trojans.
Coming in fourth place are potential web browser based threats. In 2002 over 67 vulnerabilities were uncovered, which could leave millions of desktops open to attack from malicious code.
Finally, and perhaps most obviously, Symantec said that users who fail to use passwords, or choose particularly easy-to-guess ones, leave themselves wide open to attack.