Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

2006 Security Roundup – Ah, the Memories

Created: 08 Jan 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:53:44 GMT
Marc Fossi's picture
0 0 Votes
Login to vote

Happy (belated) New Year! It’s safe to say that most people are backinto the full swing of things by now. Although the first week ofJanuary may have been a short one for some, there are many of us whowere kept on our toes in the fledgling days of 2007. We are stillwitnessing the aftermath of some annoying holiday-themed emailscontaining a mass-mailing worm, and even more recently we have beendealing with a cross-site scripting (XSS) problem involving AdobeAcrobat files.

Sadly, given these examples, it seems that the more things changefrom year to year, the more they stay the same (I know it’s a cliché).And in that regard, we have recently published the December 2006version of the Symantec Home and Home Office Security Report. Thereport discusses some of the top security news items in December aswell as a roundup of noteworthy Internet security trends for 2006. Lastmonth, there was a worm discovered to be propagating because ofmalicious URLs being sent as links in instant messages through theSkype instant messaging application. There was another worm reportedthat was spreading on the MySpace social networking Web site, where theworm disguised itself as a QuickTime video file. When a user opened themalicious video file, JavaScript functionality that is present inQuickTime was used to overwrite certain links and data in the user’sMySpace profile.

The report also discusses online fraud, virus, and vulnerabilitytrends for 2006. Online fraud is also known as phishing, which is amalicious attempt to trick people into divulging personal information,such as banking or financial details. In 2006, Symantec observed overseven million phishing attempts each day. Users should be suspicious offollowing links in email messages claiming to be from a bank orfinancial institution, and certainly no personal information should bereturned to the email sender.

The development of viruses and worms continues to evolve.Mass-mailing worms still maintained an overwhelming presence in 2006,but they are slowly being overtaken with more stealthy threats that tryto remain undetected once they have infected a computer using rootkittechniques. We are continually investigating the threat of zero-dayexploits, which are malicious programs written by attackers to exploita previously unknown flaw or vulnerability in software. The targets ofzero-day attacks often include network- or computer-based softwareapplications that require some level of user interaction, such as Webbrowsers or computer/office productivity software.

Please have a look at the December 2006 edition of the Symantec Home and Home Office Security report, which can be downloaded here. You can also download earlier versions of the monthly report from this page and save the URL for future reference.