Year in review: Botnet gains, Web 2.0 pains
As the Storm worm raged, tapping countless PCs for nefarious ends, the rush to online applications left many Web sites vulnerable.
Botnet gains, Web 2.0 pains
While it started out in January 2007 as a traditional computer worm, Storm quickly emerged as a key element toward building one of the largest botnets active on the Internet today.
Botnets, networks of compromised computers used for spreading spam and malicious software or attacking large corporations, easily became one of the biggest security stories of year. By June, Storm was estimated by SecureWorks to have compromised
Fortunately, the FBI was on top of the botnet problem, announcing in June a few initial arrests as the result of
Experts say the
Indeed, criminals have resorted to using new strategies to infect computers;
The year also saw a sharp increase in the use by criminals of non-operating-system exploits. Common desktop applications such as Adobe Reader,
Other Web attacks focused entirely on the increased use of Facebook,
Second to botnets making headlines in 2007 was identity theft, leading off with the 47 million accounts that were compromised from TJX Companies, which operates such discount retail chains as T.J. Maxx and Marshalls.
Other data breaches making the news included, but were not limited to,
The year also included several
In 2007, CNET News.com produced two in-depth looks at security. First was the series "Wardens of the Web," which profiled the behind-the-scenes security people at Google, Yahoo, and Microsoft. The second--"Securing Microsoft: A long road"--was an inside look at how Microsoft's response to security threats has evolved over the years.
2007 Highlights
'Storm worm' rages across the globe
Mass-mailed Trojan horse baits people with timely information about a deadly, real-life storm front in Europe.
Experts: Don't buy Vista for the security
New Microsoft operating system is a leap forward in security, but few people familiar with it say the advances justify an upgrade.
Microsoft's own antivirus fails to secure Vista
Test of 15 antivirus packages shows failures in four. Microsoft pledges improvements; McAfee says its updates weren't included.
TJX: 45.7 million customer records compromised
Filing with the SEC reveals scope of the breach is far wider than previously believed.
Alleged 'Seattle Spammer' arrested
After being indicted by a federal grand jury, Robert Alan Soloway pleads not guilty to 35 counts related to junk e-mail.
Wardens of the Web
special report In CNET News.com's four-day series, we peek behind the curtain at online giants Yahoo, Google and Microsoft, and the elite corps charged with securing Web applications.
Facebook users open to cyberattacks, ID theft?
Facebook Platform creates channel for malicious third-party applications. Users also face identity theft, VeriSign says.
Experts: Rush to adopt Ajax leaves sites vulnerable
Researchers say developers often see only the code that works, and not how someone else may come along and exploit it.
Monster defends delay in notifying users of data breach
Online job service says it wanted to launch its own investigation to verify the breach before notifying job seekers who had been affected.
Gmail cookie vulnerability exposes user's privacy
Program developed by "ethical hacking" group takes advantage of cross-site scripting vulnerability to steal contacts, forward e-mail.
Shorter URLs help phishers hook more victims
Cybercriminals are shrinking host names of malicious sites to lend them an air of legitimacy, according to security researchers.
At software giant, pain gives rise to progress
special report Redmond's security practices have been transformed since threats like Slammer and Blaster first wormed their way onto the scene.
The next generation of security threats
special report Forget widespread worms. Nowadays, limited-scale threats like targeted e-mail attacks are causing the most concern.
Additional Headlines
Cisco to spend $830 million for e-mail security firm
Mac hacked through QuickTime flaw
Botnet gains, Web 2.0 pains
While it started out in January 2007 as a traditional computer worm, Storm quickly emerged as a key element toward building one of the largest botnets active on the Internet today.
Botnets, networks of compromised computers used for spreading spam and malicious software or attacking large corporations, easily became one of the biggest security stories of year. By June, Storm was estimated by SecureWorks to have compromised
Fortunately, the FBI was on top of the botnet problem, announcing in June a few initial arrests as the result of
Experts say the
Indeed, criminals have resorted to using new strategies to infect computers;
The year also saw a sharp increase in the use by criminals of non-operating-system exploits. Common desktop applications such as Adobe Reader,
Other Web attacks focused entirely on the increased use of Facebook,
Second to botnets making headlines in 2007 was identity theft, leading off with the 47 million accounts that were compromised from TJX Companies, which operates such discount retail chains as T.J. Maxx and Marshalls.
Other data breaches making the news included, but were not limited to,
The year also included several
In 2007, CNET News.com produced two in-depth looks at security. First was the series "Wardens of the Web," which profiled the behind-the-scenes security people at Google, Yahoo, and Microsoft. The second--"Securing Microsoft: A long road"--was an inside look at how Microsoft's response to security threats has evolved over the years.
2007 Highlights
'Storm worm' rages across the globe
Mass-mailed Trojan horse baits people with timely information about a deadly, real-life storm front in Europe.
Experts: Don't buy Vista for the security
New Microsoft operating system is a leap forward in security, but few people familiar with it say the advances justify an upgrade.
Microsoft's own antivirus fails to secure Vista
Test of 15 antivirus packages shows failures in four. Microsoft pledges improvements; McAfee says its updates weren't included.
TJX: 45.7 million customer records compromised
Filing with the SEC reveals scope of the breach is far wider than previously believed.
Alleged 'Seattle Spammer' arrested
After being indicted by a federal grand jury, Robert Alan Soloway pleads not guilty to 35 counts related to junk e-mail.
Wardens of the Web
special report In CNET News.com's four-day series, we peek behind the curtain at online giants Yahoo, Google and Microsoft, and the elite corps charged with securing Web applications.
Facebook users open to cyberattacks, ID theft?
Facebook Platform creates channel for malicious third-party applications. Users also face identity theft, VeriSign says.
Experts: Rush to adopt Ajax leaves sites vulnerable
Researchers say developers often see only the code that works, and not how someone else may come along and exploit it.
Monster defends delay in notifying users of data breach
Online job service says it wanted to launch its own investigation to verify the breach before notifying job seekers who had been affected.
Gmail cookie vulnerability exposes user's privacy
Program developed by "ethical hacking" group takes advantage of cross-site scripting vulnerability to steal contacts, forward e-mail.
Shorter URLs help phishers hook more victims
Cybercriminals are shrinking host names of malicious sites to lend them an air of legitimacy, according to security researchers.
At software giant, pain gives rise to progress
special report Redmond's security practices have been transformed since threats like Slammer and Blaster first wormed their way onto the scene.
The next generation of security threats
special report Forget widespread worms. Nowadays, limited-scale threats like targeted e-mail attacks are causing the most concern.
Additional Headlines
Cisco to spend $830 million for e-mail security firm
Mac hacked through QuickTime flaw