January 10, 2006
A few years ago, MessageLabs dubbed 2001 the year of the virus. In retrospect, the label is particularly appropriate as 2001 was one of the last years that traditional worms and viruses prevailed. In 2002, the tide had changed as malware authors began turning to spam and spyware for profit. This trend continued throughout 2003, dubbed the year of the black sheep. The malware-for-money theme reached new heights in 2004, a year dominated by worm wars and Trojans used in phishing scams and other financially motivated fraud.
Here's the top ten for 2005:
Most unexpected
Mobile device threats became a reality. I first wrote about the threat potential for mobile devices back in 2001 (for Virus Bulletin magazine), so I can't say I was surprised by this development. But many in the security industry (wrongly) discounted any threat to mobile devices. Antivirus vendor F-Secure was one of the very few that continued important research in this area. 2005 was the year they (and I) were proven correct. F-Secure maintains a list of wireless threats. Of 136 mobile threats discovered, 112 were discovered in 2005, 12 in 2004, and 3 in 2000. No mobile threats were reported for the years 2001-2003.
Most overlooked
Problems for IM users began in the latter part of 2004, but little to no reporting was done on this trend until the early part of 2005. Today, Instant Messaging programs are an increasingly frequent target of worms and spyware.
Most appreciated
Arrests and crackdowns on spam, spyware, and virus writers were prevalent in 2005. Some highlights include:
- FTC Bars Bogus Anti-Spyware Claims
- State of NY Sues Spyware Firm
- FTC Cracks Down on Lonely Housewives
- Symantec Sues Hotbar
- Netsky, Sasser Author Admits Guilt
- Microsoft Dethrones Spam King
- Zotob, Mytob Alleged Authors Arrested
- Alleged Botnet Creators Arrested
Most unusual
When Vardan Kushnir, Russia's most hated and most notorious spammer, was found murdered, it was thought to possibly be the result of his despised mass-mailing campaigns. After all, he had received several death threats. In the end, however, it turned out that Sex, Not Spam, Led to Murder.
Most underwhelming
Microsoft's controversial decision to enter the security arena has thus far resulted in the release of Windows AntiSpyware, the introduction of their Windows OneCare program and a malicious software removal tool pushed out through the Windows update site. None seem to be doing too well at detection and removal of malware. Though Windows AntiSpyware started off strong (when it was still purely Giant Technology), as the year progressed its removal rate dropped from 91% to 73%. A cursory look at Windows OneCare indicates it may also be below par.
Most predictable
Old worms never die. New variants of Bagle, Sober, and Netsky were discovered throughout 2005, prompting Trend Micro to declare May '05 as the worst virus month in years. Both Zafi.D and Sober.X continued to dominate antivirus vendor prevalence charts in December 2005. Indeed, Sober.X promises to be a prevalent threat in 2006 as it begins a cycle of downloading new malware every two weeks throughout the new year.
Most despicable
Phishers and con artists exploited natural disasters for profit throughout 2005, including the Tsunami disaster and the Gulf Coast hurricanes, prompting the US Government to establish a task force to battle Hurricane Katrina and Rita Fraud.
Most entertaining (not!)
The love of games and the desire to profit from them caused many virus writers to create MMORPG trojans. Other gamers created malware that crippled game devices:
These activities belie Kaspersky's complaint that "teenagers don't have time for writing viruses - they're busy playing online games."
Most underhanded
The President of Sony BMG's Global Digital Business, Thomas Hesse, defended Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?" Despite Hesse's belief that ignorance equals bliss, people did care. Sony is now defending several class action suits for secretly installing rootkits on music lovers' computers.
Most mismanaged
The WMF exploit discovered in December 2005 was made possible not because of a bug or flaw in Windows code. It was by design. Despite the serious implications and widespread nature of the WMF exploit, Microsoft originally pledged to not release a patch out of cycle. Consumer complaints prevailed, however, and ten days later Microsoft did release a patch, but not for vulnerable 98 and ME users. Reportedly the ten-day patch from Microsoft uses the same basic approach to guard against the exploit as did the patch created in three hours by humble hero Ilfak Guilfanov.

