Out-Law / Your Daily Need-To-Know

Thirty percent of spam is sent by computers that have been hijacked by Remote Access Tools (RATs), according to Sophos. It's one of several innovations by spammers and virus writers identified by the anti-virus company during 2003.

In a summary of its work over the year, Massachusetts-based Sophos revealed that it had detected 7,064 new worms, viruses and Trojan horses. (Rival security firm Symantec provides a useful explanation of the differences between worms, viruses and Trojan horses.)

The year also brought new techniques for slipping spam through scanners, including the tactic of mixing innocent and bad text and using invalid HTML code or random characters to break up 'spammy' words.

Other trends detected by the company included a significant rise in the number of backdoor Trojans being used to implant RATs. These can be used for many purposes, such as obtaining personal information from the infected computer, but Sophos speculates that a large number are being used for the sending of spam.

In fact, Sophos estimates that 30% of the world's spam is sent from compromised computers, suggesting that spammers and virus authors are joining forces. This combination theory is supported by the Mimail-E and Mimail-H worms, which recently used infected computers as a launch pad for denial of service attacks on several anti-spam websites.

It says the purpose behind viruses is also changing, from a simple desire to create havoc, to one of obtaining financial reward. According to Sophos, several worms attempted to extract financial information from infected users during 2003. The most prolific of these was Mimail-J, a worm that disguised itself as a message from the PayPal on-line payment service. It duped users into disclosing confidential credit card and PIN details.

Only today, MessageLabs, another security firm, has issued a warning about a new variant, Mimail.M-mm. First detected last night in the US, this self-propagating mass-mailer spreads with an attachment called wendy.zip.

However, the worst worm of the year was the Sobig-F worm. It accounted for almost a fifth of all reports to Sophos during 2003, making it the hardest-hitting virus of the year, although the top spot was hotly contested by the Blaster worm, which attempted to knock a Microsoft site off the internet.

Both of these, plus the third-placed Nachi worm, hit businesses and home users during August 2003, making it the worst single month in virus history.

"Ironically some of the people worst impacted by Sobig-F were the spammers," said Chris Belthoff, senior security analyst at Sophos. "They found that they could not send their millions of spams as easily because their e-mail gateways were deluged by Sobig traffic."
