Symantec has published a list of the top nasties that attacked PC users in 2002. The antivirus manufacturer ranked the five worst threats faced by computer users in the past year, based on both their volume and impact.
Heading the list are email threats, which continued to increase in number last year, with over 323 discovered. These bothersome bugs included worms, which are programs or algorithms that replicate themselves over a computer network and can clog up a computer's resources or even shut it down. An example of this type of virus is Lirva.
A similar type of email-based threat is a Trojan. These viruses masquerade as benign programs. While they don't replicate themselves in the same way as worms, they can be equally troublesome and may even arrive as part of a worm virus, as in the case of Bugbear and Myparty.
Symantec says the rise in such email threats is the result of vulnerabilities in email software and a lack of user awareness. It warns that "any content sent [via email] should be regarded as dangerous until validated."
These mail bugs have real staying power too, as W95.Hybris.worm proves. First unleashed back in 2000, it remains a severe threat three years later, ranking number four in the virus chart last year. Other bugs that just keep doing the rounds include mass mailer worms like W32.Klez.H@mm and W32.Magistr.39921@mm, which has been at large since 2001.
Symantec anticipates this problem will only get worse in 2003 as mass mailers become more sophisticated, automatically sending themselves out without the need for a recipient to double-click on the attachment. Instead the code will execute as the message is previewed.
Second in Symantec's top five trouble spots are exposed or incorrectly configured resources. In 2002 it recorded over 50 threats that used open file shares to propagate. As a defence Symantec recommends users put a personal firewall in place to keep intruders out of their PC and correctly configure their PC by implementing all authentication features possible.
Number three are P2P (peer-to-peer) and instant message-based threats. As P2P services such as Kazaa and Morpheus grow in popularity, users expose themselves to both the inherent vulnerabilities of such services and to the risks posed by content downloaded from them. Symantec saw 70 threats in 2002 that relied on P2P and instant messaging to spread, including worms and Trojans.
Coming in fourth place are potential web browser-based threats. In 2002 over 67 vulnerabilities that could leave desktops open to attack from malicious code were uncovered.
Finally, and perhaps most obviously, Symantec said users who fail to use passwords or choose ones that are particularly easy to guess leave themselves wide open to attack.