
Year in review: Old worms, new tricks

Sober came back to bite, while hackers hunted for new ways to attack and spread code--and Sony stumbled into a rootkit debacle.


Year in Review: NET THREATS


A seemingly endless barrage of variants of the Bagle and MyTob worms surfaced this year, but what really pummeled e-mail servers around the globe were two Sober offshoots.

The first hit in May, and the second clogged e-mail in-boxes and servers in November. Microsoft's Hotmail and MSN e-mail services had so much trouble dealing with the infected spam that messages sent to members faced an unspecified delay. Some antivirus companies predicted there will be another Sober onslaught on Jan. 5.

To the surprise of some experts, Sober's tricks to get recipients to open the malicious e-mail and attachment worked. In May, the e-mail promised a prize of free tickets to the 2006 World Cup in Germany, while in November, the bait was a Paris Hilton video or a purported FBI e-mail.

There weren't many headline-grabbing worm or virus outbreaks in 2005, but Zotob, which caused outages at CNN, The New York Times and ABC, got a lot of attention. Unlike Sober, which propagated via e-mail, Zotob spread via networks using a security flaw in Microsoft Windows.

Attackers continued to deviate from using e-mail and networks to spread worms, and instant messaging became an increasingly popular conduit. In addition, they went hunting for holes beyond operating system bugs, in media players, antivirus software and other applications. It also became more evident that miscreants today are in it for the money, not just for bragging rights.

"Zombies," or remotely controlled compromised PCs, became such a big problem in 2005 that the Federal Trade Commission called for industry action. A network of zombies, called a botnet, can send spam or take down a Web site by flooding it with data requests.

Meet the hackers

One bug hunter drew the ire of Cisco Systems. Michael Lynn demonstrated at the Black Hat security confab this summer that he could remotely hijack a Cisco router or switch, something that was previously thought impossible. Cisco sued Lynn, triggering an outpouring of support for the researcher from the security community.

Microsoft took an opposite approach, inviting hackers to its campus twice this year for a "Blue Hat" discussion on the security of its products.

Firefox, touted for its security compared with Microsoft's Internet Explorer, came under increased scrutiny from bug hunters. Several serious holes have been found in the Mozilla Web browser since its official release in late 2004. But one expert has cautioned that safe browsers simply don't exist.

Cybercriminals kept challenging those who wanted to halt their activities. Security vendors scrambled to find ways to combat "rootkit" technology. A rootkit will bury an attacker's code deep on a PC, making it hard to detect and even harder to remove without breaking the operating system.

Late in the year, Sony BMG Music Entertainment was found to have distributed a rootkit-like technology on music CDs that included copy-protection software. Trojan horses quickly used the tool to hide, and the fiasco forced the label to pull the CDs from stores. Expect security software makers to advertise rootkit detection widely next year.

--Joris Evers

2005 Highlights

Bagle virus makes a return

The mass-mailing virus is starting to spread worldwide, antivirus firms warn.
January 27, 2005

Feds to fight the zombies

FTC plans to tell Internet service providers to take stronger action against spam infiltrators.
May 23, 2005

Mytob e-mail worm proliferating quickly

The mass-mailing varmint makes up in numbers what it lacks in heft, security watchers say.
March 29, 2005

Microsoft meets the hackers

Special report: In the name of education, the software giant invites security researchers to infiltrate Windows systems.
June 16, 2005

Hacking for dollars

These days, attackers are motivated more by money than the desire to write disruptive worms like Sasser.
July 6, 2005

A safe browser? No longer in the lexicon

Perspective: CERT security analyst Art Manion warns that all Web browsers now face similar threats--and some even share similar design features.
July 7, 2005

ISPs versus the zombies

If providers don't pitch in against the threat, customers might defect--and the health of the Net itself could suffer.
July 19, 2005

Windows worms knocking out computers

Network worms are shutting down computers running Windows 2000, security experts warn.
August 16, 2005

Symantec: Mozilla browsers more vulnerable than IE

But the security specialist also finds that Microsoft's browser is the only one widely exploited by hackers today.
September 19, 2005

Sony's rootkit fiasco

Storm over the record label's antipiracy software raises questions about who owns the desktop and what exactly a rootkit is.
November 21, 2005

Clock's ticking on new Sober onslaught

Mass-mailing worm is programmed to download new instructions in January, which could indicate a new outbreak.
December 7, 2005

