SARS isn't the only virus we need to worry about

Nick Hawkins, director and general manager of MessageLabs, speaks to FinanceAsia about computer virus trends in the banking and finance industry.

Is the number of viruses you intercept increasing any more than email traffic itself?

Hawkins: We're seeing a dramatic increase in the number of viruses and their proportion to emails sent. In the year 2000, the virus to email ratio in the global finance and banking industry was one virus in 1070 emails. As of March 2003, this ratio has increased over five-fold to one in 186 emails. Interestingly, in Asia Pacific the financial industry has a slightly better virus to email ratio of one in 282. Although we did not see many new viruses in 2002, twice as many viruses and their variants were detected in 2002 as in all of 2001.

What kind of sample base have you used to come up with these figures?

We have 300 customers worldwide in the banking and finance industry, and about 50 in Asia Pacific. Our largest client in the industry has 40,000 users, while our smallest has just 20. Because we operate as an internet level scanner, vetting emails before they can impact on clients' systems, we can do a lot of real-time reporting from our data centres and can measure trends by verticals.

What virus has been the most prevalent recently?

The most active virus in the banking and finance industry so far in 2003 is the Klez virus. In the first three months of this year we have identified 157,640 cases of the Klez virus, as opposed to 482,670 cases identified in 2002. It's not really a new virus; it has been around for about a year and a half. But there have been lots of variants of it, and organisations and individuals are also not keeping up with their patches and virus definitions. Its success is due to both of these reasons. The thing with the Klez virus, and a lot of other similar viruses, is that they not only email a copy of themselves to addresses from the victim's address book, but they also randomly select a file from the victim's computer and send it as an attachment. What would happen if the bank had sent a Klez-infected email to its client resulting in the client's financials or business plan being dispersed to the general public? What would the repercussions be for the client's business and to the bank's reputation? This is why it's so essential to have proper virus protection in place, and just relying on desktop level antivirus programs isn't really good enough.

What about viruses such as last year's Bugbear, which could open back doors on computers, log keystrokes and capture bank account information, credit card numbers, user names, passwords and other information? I don't think there are any publicised cases of this actually happening, but is there a trend for viruses to be targeted at doing specific things like this?

We have noticed in recent viruses that more and more are including trojans, small programs that act as a secret back door into your computer. Another example is the Lovegate virus, which was much more widespread in Asia Pacific than elsewhere in the world. The interesting thing about Lovegate is that it uses its own email engine to respond to messages in a victim's inbox. It mimics the auto-reply function in an effort to trick people into opening the virus-laden attachment. Trojans are one of the best ways for someone to get into your system. And often if we catch these attempts via email viruses we can tell that an organisation has become a target. If hackers are trying one way, they're possibly trying other ways to get in as well.

So what are the advantages for organisations in having someone do internet level scanning of their emails?

Internet level scanning is like having SARS inspections at the airport rather than waiting for symptoms to appear inside the country. The antivirus community detects about 30 new viruses a week. Some of these you never get to hear about. Companies will find it impossible to put in a fix individually for every one, and even doing updates once a week leaves some vulnerability to brand new viruses. Because we scan email at an internet level outside of the organisation and have the scale and resources, we are actually updating our definitions in real-time as they're created, taking the pressure of this responsibility away from the IT departments.