Year in review: Botnet gains, Web 2.0 pains

While it started out in January 2007 as a traditional computer worm, Storm quickly emerged as a key element toward building one of the largest botnets active on the Internet today.

Botnets, networks of compromised computers used for spreading spam and malicious software or attacking large corporations, easily became one of the biggest security stories of year. By June, Storm was estimated by SecureWorks to have compromised 1.7 million computers. There also emerged the possibility that state-sponsored malicious-software writers had targeted Estonia with one of the first cyberwars, an attack that included the use of botnets.

Fortunately, the FBI was on top of the botnet problem, announcing in June a few initial arrests as the result of Operation Bot Roast. One of those arrests was alleged spammer kingpin Robert Alan Soloway, who was sentenced in November, when the FBI announced even more arrests as part of Operation Bot Roast II. Overall, the yearlong operation uncovered more than $20 million in economic losses.

Experts say the rush to adopt Web 2.0 has left many Web sites vulnerable to malicious software that could lead to botnet creation. Flaws in Web 2.0 development was a theme again at this year's annual Black Hat gathering in Las Vegas.

Indeed, criminals have resorted to using new strategies to infect computers; one method relies on first compromising legitimate Web sites, then leading users to servers hosting packaged malicious software. If a user, for instance, used Internet Explorer to view a compromised page, the malicious-software server would attempt to download specific exploits for that browser. Another recent example of using the Web to launch attacks included compromising popular MySpace.com pages.

The year also saw a sharp increase in the use by criminals of non-operating-system exploits. Common desktop applications such as Adobe Reader, Apple Quicktime, and Real Player have become the favorite targets of criminal hackers. At CanSecWest, an annual security conference in Vancouver, British Columbia, a zero-day flaw in Quicktime was used to hack into a MacBook, securing its discoverer a $10,000 prize.

Other Web attacks focused entirely on the increased use of Facebook, MySpace, and Gmail.

Second to botnets making headlines in 2007 was identity theft, leading off with the 47 million accounts that were compromised from TJX Companies, which operates such discount retail chains as T.J. Maxx and Marshalls. Authorities have since linked at least one Ukrainian man to the theft, and in September, TJX said it would offer discounts to customers in 2008.

Other data breaches making the news included, but were not limited to, Monster.com, Pfizer, and IBM.

The year also included several high-profile security company acquisitions. Cisco acquired Ironport, an e-mail security company; Hewlett-Packard acquired SPI Dynamics, a security research company; RSA acquired Tablus, an enterprise data loss prevention company; Google acquired GreenBorder, a safe-browsing company, and Postini, an e-mail security company; McAfee acquired ScanAlert, a security certification company, and SafeBoot, an enterprise data loss prevention company; and Symantec acquired Vontu, an enterprise data loss prevention company.

In 2007, CNET News.com produced two in-depth looks at security. First was the series "Wardens of the Web," which profiled the behind-the-scenes security people at Google, Yahoo, and Microsoft. The second--"Securing Microsoft: A long road"--was an inside look at how Microsoft's response to security threats has evolved over the years.