26 Dec 2009, Phil Muncaster, V3
Drive-by downloads
Drive-by downloads have become one of the major ways in which cyber criminals
spread malware, according to Symantec security operations manager Orla Cox. Most
commonly, attackers plant malicious code on sites, often legitimate ones, which
then infects any unprotected PC that visits the site, unbeknown to the user.
There were 18 million infection attempts in the whole of 2008, but Symantec
observed 17.4 million from August to October of 2009 alone.
Fake anti-virus
This year has also seen a rapid rise in the number of scams trying to trick
users into buying fake anti-virus products. Symantec received reports of 43
million rogue security software installation attempts from 1 July 2008 to 30
June 2009. The danger, of course, is twofold: users are defrauded, and could
leave themselves open to future attack by wrongly thinking that they are
protected.
Attacks via social networking sites
If this year was the year of Twitter, it was also the year in which hackers
began to exploit the site, and other social networking sites, to spread
malware. In many ways, these sites are a goldmine for cyber criminals, as users
are far more likely to click on potentially malicious links if they believe
they come from a friend on such a site. Thus we witnessed the great success of
the Koobface worm, which saw criminals hacking accounts and spamming the
account holder's 'friends' with malicious links, often obfuscated by a URL
shortening service. Numerous Twitter accounts have been hacked this year and,
although the site has tried to fight back with a verified account service, this
has proved far from impenetrable. Britney Spears's verified account recently
fell victim.
Piggy-backing on popular events
Using a technique that has been popular for some time now, cyber criminals have
continued to exploit big events throughout the year to entice users to click on
spam-ridden or malicious links in emails, Twitter feeds or other channels.
Another technique exploited for events such as Michael Jackson's death is that
of blackhat search engine optimisation, which involves hackers filling
malicious sites with keywords to ensure they come top of the rankings when a
user searches for more news about a big event.
Conficker
Any round-up of 2009 would not be complete without mention of Conficker, the
worm which achieved worldwide notoriety this year. Surfacing about a year ago,
the worm caught Symantec among others by surprise, according to Orla Cox. "We
knew that the vulnerability had the potential to be used by malware, but we
felt people had learned their lesson from the past," she said. "We were wrong.
It was really interesting to see how slow some people were to patch known
vulnerabilities." The main concern surrounding the worm is that no-one seems to
know how the machines it has infected - which number over six million - will be
used.
Botnets and spam; a marriage made in heaven
Botnets are getting harder to track and trace, according to the annual
MessageLabs Intelligence security report released earlier this month. Although
the amount of spam being sent out from botnets such as Cutwail, Rustock and
Mega-D actually dropped in 2009, there is still "the huge potential for
increases in the New Year", according to MessageLabs' senior analyst Paul Wood.
He added that command and control channels are becoming harder to pinpoint and
take down. "The McColo outage had a huge impact on spam volumes as it took a
few weeks for spammers to recover, but botnet technology has evolved so that
there is no longer a single point of failure," he explained.
Governments around the world working together
It was not all doom and gloom this year, however, according to Rodney
Joffe of Neustar and the Conficker Working Group. "For the first time we're
seeing governments co-operating - concrete activity coming out of conferences
and law enforcers coordinating efforts," he said. "It was brought to the fore by
Obama's 60-day review where he pointed out that private industry seems to have a
better handle on security than governments."
Others have been more sceptical though. Graham Titterington, an analyst with Ovum, said that most law enforcement agencies around the world are "woefully underresourced".
"There is a high level of co-operation between the US and western Europe but they don't cover anything like the face of the earth," he added.
Read part two of our security round-up to find out what the key trends of 2010 are set to be.