This is a summary of Computer Virus Incident Reports for December 2001 and 2001 as a whole compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka). 3,900 reports were submitted in December 2001. This is the biggest number since August 2001 when 2,809 reports were submitted. It is because the number of reports for W32/Badtrans (a variant) counted 2,701 in this month, which is the biggest number for a virus to be reported in a month since August 2001 when 1,247 reports were submitted for W32/Sircam.

The variant of W32/Badtrans is a kind of virus that misuses Internet Explorer’s vulnerabilities. It will be automatically executed when you just open the email with Outlook or just preview the email with OutlookExpress. Once infected, it will re-send itself to all the addresses recorded in the computer (It's not only the addresses registered in the "Address Book".) Besides, a program that records keyboarding will be automatically installed. Therefore, it is possible that the typed passwords, the typed numbers of credit cards and so on will be sent out. As you can see, it has effective and malicious infection systems.

Figure: The preview screen of the email from W32/Badtrans (a variant).under Japanese

The percentage of reports by individual user made up 36.7% of total reports in December (23.3% in 2001, 8.3% in 2000). Among it, the percentage of the actual damage was 28.9%. Those who reported didn’t apply any anti-virus software nor update the definition files.

The rate for actual damage of December sorted by reporting body

	NUMBER OF REPORT	ACTUAL DAMAGE (THE RATE)
GENERAL CORPORATE USER	2,293(58.8%)	283(12.3%)
INDIVIDUAL USER	1,430(36.7%)	413(28.9%)
EDUCATION/RESEARCH INSTITUTE	177(4.5%)	45(25.4%)

In 2001, the viruses that misuse email systems were the major threat as well as in 2000 and the viruses that misuse vulnerabilities constantly appeared as well. Therefore, the total number of reports in 2001 counted 24261, which was over the double of that in the last year (11109). However, the rate for the actual damage remained 19% (20% in the last year) and it shows that the measurements such as applying anti-virus software has been strengthened and became more common for corporate users.
Refer to the appendix regarding the details.

 

The most important thing for the anti-virus measurements is to prepare and prevent. Once infected, it becomes very hard to repair, for example you need to initialize the computer in some case. However, you don’t need to have highly professional skills for the prevention in advance. Even beginners can do sufficient measurements with some knowledge. Practice the steps as follows and prevent your computer from infections:

1. Not to lose your cool in getting an infected email, you need to apply anti-virus software and keep it ready to use.

   • Information regarding anti-virus software http://www.ipa.go.jp/security/antivirus/vacc-info.html(Japanese) (Contact address of vendors, the way to make sure of definition files and set up the examine objects and so on are here.)

2. You need to collect the newest information and conduct appropriate measurements. Check the Web site below at least once a week and take attention to the information on new viruses and vulnerabilities. If there is any vulnerabilities in your application/software, you need to deal with it as soon as possible.

   • A guideline for security measurements to home users
     http://www.microsoft.com/Japan/enable/products/security/(Japanese)
   • IPA Security Center
     http://www.ipa.go.jp/security/index-e.html

3. You need to be careful about emails from someone you know as well. Most of the viruses that misuse email systems usually re-send themselves to the addresses registered at the "Address Book". It is easy to misunderstand that you receive the email from someone you know. (Refer to the Q&A) There are still lot s of people who believe that (s)he can never receive infected emails unless (s)he is under infected.

• Q: I wonder why (s)he sends me infected emails on purpose.
• A: Once infected, the virus will automatically re-send itself. Therefore, it is rare that someone sends infected emails on purpose. Without knowing that, the person can be attacking someone else. So let the sender know about it if you find out.

IPA Security Center (IPA/ISEC)
(ISEC: Information technology SEcurity Center)
Phone: 03-5978-7508 FAX: 03-5978-7518  E-mail:
Emergency call: 03-5978-7509  URL: http://www.ipa.go.jp/security/