2006 Security Roundup – Ah, the Memories
Happy (belated) New Year! It’s safe to say that most people are backinto the full swing of things by now. Although the first week ofJanuary may have been a short one for some, there are many of us whowere kept on our toes in the fledgling days of 2007. We are stillwitnessing the aftermath of some annoying holiday-themed emailscontaining a mass-mailing worm, and even more recently we have beendealing with a cross-site scripting (XSS) problem involving AdobeAcrobat files.
The report also discusses online fraud, virus, and vulnerabilitytrends for 2006. Online fraud is also known as phishing, which is amalicious attempt to trick people into divulging personal information,such as banking or financial details. In 2006, Symantec observed overseven million phishing attempts each day. Users should be suspicious offollowing links in email messages claiming to be from a bank orfinancial institution, and certainly no personal information should bereturned to the email sender.
The development of viruses and worms continues to evolve.Mass-mailing worms still maintained an overwhelming presence in 2006,but they are slowly being overtaken with more stealthy threats that tryto remain undetected once they have infected a computer using rootkittechniques. We are continually investigating the threat of zero-dayexploits, which are malicious programs written by attackers to exploita previously unknown flaw or vulnerability in software. The targets ofzero-day attacks often include network- or computer-based softwareapplications that require some level of user interaction, such as Webbrowsers or computer/office productivity software.
Please have a look at the December 2006 edition of the Symantec Home and Home Office Security report, which can be downloaded here. You can also download earlier versions of the monthly report from this page and save the URL for future reference.