Top Malware of 2000 : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Security Portal



1997 proved to be an exponential growth year for macro viruses. Over 1,000 macro viruses were developed from the fall of 1995 through 1997! CAP, a new macro virus discovered in the wild in 1997, kicked NYB out of the top spot in 1997.

In 1997 one of every thirty computers in corporate America was infected with malware, according to the 1997 ICSA prevalency survey.

In 1998 the Concept macro virus was responsible for roughly half of all malware infections worldwide. Traditional boot sector viruses, such as AntiEXE and Form, comprised the other 50% of malware infections for 1997 through 1998. Email hoaxes also gained a new life in 1998, with more people than ever on the Internet, especially new computer users.

In 1999 we experienced a wide variety of new security exploits, especially worms and Trojans. Melissa and CIH are the two most widely publicized malware from 1999. Variants of CIH (e.g., Chernobyl) carried the worst payload, erasing data and corrupting the BIOS settings on as many as 600,000 computers in a single day.

Perhaps even more distressing, worms like Happy99.exe (SKA) continued to propagate in large numbers in the wild. Such propagation is a clear and sad reflection of the large number of computer users that are uneducated and unprotected against such malware. Hoaxes continue to be spread throughout the Internet, especially in the month of December.

The year 2000 brought with it many fears of Y2K bug failures as well as the dramatic impact of LoveLetter upon corporate networks worldwide. Worms appeared in the top ten list in 1999 and took first place in 2000. Much like the Internet worm of 1989, worms in 2000 spread like wildfire through email clients such as Outlook. At the same time file infectors made a small comeback in 2000, pointing to areas of opportunity for behavioral management and motivation of corporate employees.

Other malware, like CAP and SKA (Happy99), have made the top ten two years in a row. Such trends point to several important elements of anti-malware:

Users can take up to two years or more to install important updates to anti-malware software and vulnerability patches. Updates should occur on a regular basis for all computers.

The general Internet community is largely uneducated on the basic essentials of anti-malware concepts and computing. Many think nothing of simply double-clicking on an email attachment, putting entire networks at risk.

Corporate attempts to block malware are failing. Some configurations are improperly configured; others are simply not used; many are understaffed and unskilled/not trained for anti-malware procedures.

Malware is becoming more complex, featuring multiple characteristics such as stealth, Trojan, and worm attributes. Automated signature file updates, heuristic scanning technology, and change protection software need to be improved as quickly as possible to provide the best possible protection against new malware.

-- Rachel Gibson, February 01, 2001
