Year in review: Scams up, but big Net attack averted
The bad news: cybercriminals stepped up efforts to separate consumers from their money. The good news: a major flaw in Internet protocol got fixed.
Scams up, but big Net attack averted
Consumers continued to face online threats to their personal data and finances in 2008 from bigger, badder botnets to scams exploiting the economic downturn to more security holes in trusted sites.
But some quick action on the part of a security researcher and collaboration among Microsoft, Cisco Systems, and other companies in simultaneously releasing patches for a major flaw in an important protocol likely prevented a major attack on the Internet.
Credit: CNET News
Dan Kaminsky
Dan Kaminsky, director of penetration testing for IOActive, warned security software vendors about the problem with the Domain Name System that translates Web addresses into numerical Internet Protocol addresses in a secret meeting in March. And on July 8 vendors released their patches in an unprecedented, synchronized effort. While the efforts may have staved off a complete shutdown of the Internet, the flaw was still exploited in small, random attacks after the patches were released, Kaminsky said in August.
Meanwhile, popular sites like Facebook became attractive targets for virus writers. The Koobface virus spread by luring victims with supposed videos of themselves, while another worm on Facebook also used what looked like a video link to get people to download malicious code. Facebook was also forced to suspend at least one application after its developers failed to obey privacy settings set by users and exposed private data. Researchers estimate that as much as 85 percent of malware is now distributed via Web apps.
Malware jumped after the credit crisis forced the closing and consolidation of banks and other companies starting in the early fall. One report found a direct correlation between the fall of the stock market and the rise in malware. The targeted attacks include fake antivirus software scams that trick consumers into making an online transaction and phishing e-mails aimed at people whose bank had merged with another one, like Chase and Washington Mutual.
Botnets continued to plague the Internet, with millions of innocent computers being turned into zombies that unleash spam and other attacks. The Storm botnet enjoyed its heyday, to be replaced by Srizbi and others. However, officials were able to shut down a major botnet hoster, McColo, in November, which led to a sharp drop in spam, at least for a while.
PCs weren't the only targets for malicious hackers. Threats against newer gadgets and devices rose this year. Apple was forced to fix several holes that would allow people to compromise a password-locked iPhone and do things like view incoming SMS messages and launch applications, as well as make phone calls. Meanwhile, the ubiquity of USB thumb drives meant it was only a matter of time until they were used to spread viruses.
2008 Highlights
Goodbye Storm, Hello Srizbi
For the first time ever, a security company reports a decrease in the number of Storm botnet-related e-mail.
Facebook suspends app that permitted peephole
Holes in Facebook had allowed anyone to see your birthday, relationship status, gender, and other personal information on the Top Friends application.
Massive, coordinated DNS patch released
A fundamental flaw within the Domain Name System is being addressed by multiple vendors.
Judge orders halt to Defcon speech on subway card hacking
Federal judge grants the state of Massachusetts' request to prevent three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.
Security hole opens up password-protected iPhones
Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected.
Survey: Web-based malware puts companies at risk
One quarter of IT administrators surveyed say data has been compromised by a Web-based threat and one-third cite employee use of social networks and other sites at work.
Report: As stock market drops, malware rises
PandaLabs statistics show how cybercriminals are taking aim at confused consumers in a time of economic uncertainty.
Spam declines after hosting company shut-down
Experts say McColo-hosted sites may have been responsible for as much as 75 percent of the spam on the Internet.
Microsoft to offer free consumer security suite
Software giant drops its paid Windows Live OneCare service in favor of a free consumer software focused on protecting PCs against malware.
Obama's cell phone records improperly accessed
Verizon Wireless tells Obama reps that its workers improperly accessed records of a cell phone the president-elect used recently, exposing calls and phone numbers but not e-mail.
USB devices spreading viruses
Defense Department suspends use of USB drives as experts warn of USB-related virus outbreaks.
Felony charges dropped in porn/spyware case
Connecticut officials may seek another trial after felony charges are dropped against a teacher accused of showing Internet porn to students in class, despite evidence that the culprit was spyware.
Additional headlines
What is your stolen data worth?
Hackers going after restaurants and supermarkets
Adobe Flash exploit raises concern
State worker cleared on child porn charges that were due to malware
Dutch chipmaker sues to silence security researchers
San Francisco IT worker arrested in hijacking of city network
Russia and Georgia continue attacks--online
New phishing attempt targets bank customers
Has Storm stopped sending spam?
Scams up, but big Net attack averted
Consumers continued to face online threats to their personal data and finances in 2008 from bigger, badder botnets to scams exploiting the economic downturn to more security holes in trusted sites.
But some quick action on the part of a security researcher and collaboration among Microsoft, Cisco Systems, and other companies in simultaneously releasing patches for a major flaw in an important protocol likely prevented a major attack on the Internet.
Credit: CNET News
Dan Kaminsky
Dan Kaminsky, director of penetration testing for IOActive, warned security software vendors about the problem with the Domain Name System that translates Web addresses into numerical Internet Protocol addresses in a secret meeting in March. And on July 8 vendors released their patches in an unprecedented, synchronized effort. While the efforts may have staved off a complete shutdown of the Internet, the flaw was still exploited in small, random attacks after the patches were released, Kaminsky said in August.
Meanwhile, popular sites like Facebook became attractive targets for virus writers. The Koobface virus spread by luring victims with supposed videos of themselves, while another worm on Facebook also used what looked like a video link to get people to download malicious code. Facebook was also forced to suspend at least one application after its developers failed to obey privacy settings set by users and exposed private data. Researchers estimate that as much as 85 percent of malware is now distributed via Web apps.
Malware jumped after the credit crisis forced the closing and consolidation of banks and other companies starting in the early fall. One report found a direct correlation between the fall of the stock market and the rise in malware. The targeted attacks include fake antivirus software scams that trick consumers into making an online transaction and phishing e-mails aimed at people whose bank had merged with another one, like Chase and Washington Mutual.
Botnets continued to plague the Internet, with millions of innocent computers being turned into zombies that unleash spam and other attacks. The Storm botnet enjoyed its heyday, to be replaced by Srizbi and others. However, officials were able to shut down a major botnet hoster, McColo, in November, which led to a sharp drop in spam, at least for a while.
PCs weren't the only targets for malicious hackers. Threats against newer gadgets and devices rose this year. Apple was forced to fix several holes that would allow people to compromise a password-locked iPhone and do things like view incoming SMS messages and launch applications, as well as make phone calls. Meanwhile, the ubiquity of USB thumb drives meant it was only a matter of time until they were used to spread viruses.
2008 Highlights
Goodbye Storm, Hello Srizbi
For the first time ever, a security company reports a decrease in the number of Storm botnet-related e-mail.
Facebook suspends app that permitted peephole
Holes in Facebook had allowed anyone to see your birthday, relationship status, gender, and other personal information on the Top Friends application.
Massive, coordinated DNS patch released
A fundamental flaw within the Domain Name System is being addressed by multiple vendors.
Judge orders halt to Defcon speech on subway card hacking
Federal judge grants the state of Massachusetts' request to prevent three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.
Security hole opens up password-protected iPhones
Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected.
Survey: Web-based malware puts companies at risk
One quarter of IT administrators surveyed say data has been compromised by a Web-based threat and one-third cite employee use of social networks and other sites at work.
Report: As stock market drops, malware rises
PandaLabs statistics show how cybercriminals are taking aim at confused consumers in a time of economic uncertainty.
Spam declines after hosting company shut-down
Experts say McColo-hosted sites may have been responsible for as much as 75 percent of the spam on the Internet.
Microsoft to offer free consumer security suite
Software giant drops its paid Windows Live OneCare service in favor of a free consumer software focused on protecting PCs against malware.
Obama's cell phone records improperly accessed
Verizon Wireless tells Obama reps that its workers improperly accessed records of a cell phone the president-elect used recently, exposing calls and phone numbers but not e-mail.
USB devices spreading viruses
Defense Department suspends use of USB drives as experts warn of USB-related virus outbreaks.
Felony charges dropped in porn/spyware case
Connecticut officials may seek another trial after felony charges are dropped against a teacher accused of showing Internet porn to students in class, despite evidence that the culprit was spyware.
Additional headlines
What is your stolen data worth?
Hackers going after restaurants and supermarkets
Adobe Flash exploit raises concern
State worker cleared on child porn charges that were due to malware
Dutch chipmaker sues to silence security researchers
San Francisco IT worker arrested in hijacking of city network
Russia and Georgia continue attacks--online
New phishing attempt targets bank customers
Has Storm stopped sending spam?