I believe we've seen the end of the large-scale computer virus attack. Gone are the widespread attacks of Melissa, I Love You, even Sobig and, with that, the demise of virus seasons, predictable periods typically from March through May and August through September when you could expect to see new virus activity. And yet, information released by Symantec and other antivirus software vendors shows that the number of active viruses and worms continues to rise, from 10,866 in the first half of 2005 to 10,992 in the second half. Virus writers are producing fewer families of new viruses and worms, but they're also generating a greater number of variants, each more specific than the last, with some variants able to evade traditional antivirus signatures and heuristics. Worse, you may already be infected with these new pests, despite the belief that you have adequate protection. It's a whole new ball game on the Internet, and this time it's personal.
Crimeware cometh
Symantec's internal research shows an increase in what Vincent Weaver, director of antivirus research at Symantec, and others are calling "crimeware." Examples of crimeware include worms and Trojan horses that facilitate identity fraud, espionage, and extortion relating to denial-of-service attacks. Computer viruses these days are no longer being written by punk kids living in the German countryside. One Symantec researcher told me that one Trojan horse code he analyzed indicated that the programmer made modifications only between 8am and 5pm; in other words, this was the writer's day job. And these customized, targeted viruses, worms, and Trojan horses--often variants of something already out there--are being produced much faster than the ego-boosting viruses we're used to.
Security vendor MessageLabs reports that targeted Trojan horse attacks are increasing sharply among businesses. The financial services sector is an obvious favorite. But the manufacturing sector is also affected by spear-phishing, targeted virus-laden e-mail that is used to lure one person inside a company to expose his or her desktop to infection. The theft of trade secrets is on the rise. Recently, authorities in London arrested an Israeli couple for allegedly crafting a Trojan horse that they tried to sell on the open market. The couple represents only the tip of the iceberg in a growing scandal that involves several Israeli corporations--each allegedly spying upon the other. Implicated in this scandal are Israel's top mobile phone operator, Cellcom, and two subsidiaries--Bezeq Israel Telecom and the cellular operator Pelephone--and a satellite television service called Yes.
Targeting you, too
But companies aren't the only victims of these new targeted viruses and worms. Home users are increasingly under attack--mostly from the relatively benign vectors of spam, spyware, and instant messages, any of which may now contain remote-access Trojan horse code. I've written before about botnets, networks of individual computers that can be remotely controlled by criminal hackers or bot herders. The Symantec research shows that the number of bot-infected PCs within the United States went down slightly during 2005, from 10,347 in the first half to 9,163 in the second. But the United States still hosts 26 percent of the world's bot-infected computers. And bot-related malicious code seen by Symantec was up in the second half of 2005, at 20 percent vs. 14 percent.
In 2005, MessageLabs found a direct correlation between increases in Trojan horse activity and botnets. Bot herders send out boutique viruses that first exploit some new vulnerability in Windows then routinely shut down active security defenses; that way they can freely download additional malicious code that controls a PC from afar. As home users wise up and reclaim their PCs from remote access, they drop off the botnet. Over time, the bot herder must replenish his or her collection of owned PCs. MessageLabs reports that there's an obvious increase in unique Trojan horse activity when bot herders are looking to rebuild their networks. Herders will use the existing botnet as the foundation to release new viruses, enabling them to infect thousands of new computers quickly in the narrow window before the antivirus companies can protect their users against the new attack. MessageLabs research also found that bot herders today favor having more smaller botnets over owning one large one--this makes it easier for the botnets to fly under the radar.
Stealth viruses
Which brings us back to the idea of individual, almost stealth viruses and worms lurking out on the Internet. MessageLabs reports that botnet-infected computers are much more vulnerable to new virus attacks, such as Sober.x, which was launched into the wild on November 16, 2005. In other words, you might think that your computer is adequately protected, but if your PC has already been enslaved by one bot herder or another, you'll have no protection whatsoever from new attacks; it's also possible your machine might serve many masters, controlled by different bot herders each of whom has managed to gain a foothold. That might explain why your hard drive light is flashing at all hours of the night.
I recommend running a manual antivirus scan from time to time to make sure everything's working properly. And while you're at it, it can't hurt to run an antispyware scan, as well. At the very least, make sure you have the latest patches from Microsoft. The lurid headlines on CNN proclaiming that a major virus will soon destroy your PC may be gone, but the threat definitely remains.
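The column's advice (check that defenses are actually running, scan manually, stay patched) and its earlier observation that bot code routinely shuts down security software can be turned into a routine host check. The script below is an added example for a modern Windows host with Microsoft Defender, not something from the column or from Symantec or MessageLabs; it assumes the Defender PowerShell module (Get-MpComputerStatus, Start-MpScan, Get-MpThreatDetection), the Windows Update Agent COM API, and an elevated prompt.

```powershell
# Added example: a defender's sanity check for the basics the column recommends.
# Assumes Microsoft Defender and its PowerShell module are present; run elevated.

# 1. Is the antivirus service alive and real-time protection on? Crimeware that
#    "shuts down active security defenses" tends to show up here first.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    Write-Warning "Defender service (WinDefend) is not running"
}

$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled)           { Write-Warning "Antivirus engine is disabled" }
if (-not $status.RealTimeProtectionEnabled)  { Write-Warning "Real-time protection is OFF" }

# 2. Are the signatures stale? A bot that blocks updates leaves old definitions behind.
if ($status.AntivirusSignatureAge -gt 3) {
    Write-Warning ("Signatures are {0} days old" -f $status.AntivirusSignatureAge)
}

# 3. When did the last quick scan run? The column suggests a manual scan from time to time.
if ($status.QuickScanAge -gt 7) {
    Write-Host "Last quick scan was $($status.QuickScanAge) days ago; starting one now"
    Start-MpScan -ScanType QuickScan
}

# 4. Anything detected recently? Several distinct threat IDs over time is consistent
#    with the "many masters" scenario the column describes.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ThreatID, ProcessName |
    Format-Table -AutoSize

# 5. Established outbound connections per process: a quick look at who the machine
#    is talking to when the hard drive light flashes at night.
Get-NetTCPConnection -State Established |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        }
    } |
    Sort-Object Process |
    Format-Table -AutoSize

# 6. Missing Microsoft updates, via the Windows Update Agent COM interface.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software'")
if ($pending.Updates.Count -gt 0) {
    Write-Warning "$($pending.Updates.Count) update(s) not installed:"
    foreach ($u in $pending.Updates) { Write-Host "  - $($u.Title)" }
} else {
    Write-Host "No pending software updates"
}
```

Run it periodically rather than once: the useful signal is a defense that was on last week and is off today, or a set of outbound connections that was not there before.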
Will we see another major virus in 2006, or have virus writers all been conscripted to write targeted viruses and worms? Talk back to me.