2009: A Year Worth Learning From
Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services
I never like to dwell on the past. But as I reflect more on what an eventful year 2009 has been, there are some highlights worth noting. I don’t look at it as dwelling as much as I do learning from the past to further build and tone our Intelligence muscle.
Based on the MessageLabs Intelligence 2009 Annual Security Report, below are the security highlights of 2009.
Notable ISP Shutdowns: The shutdown of botnet-hosting ISPs, such as McColo in late 2008 and Real Host in August 2009, appeared to make botnets re-evaluate and enhance their command-and-control backup strategy so that recovery takes hours, rather than weeks or months.
Botnets Ruled the Threat Landscape: Botnets continued to rule the cyber security landscape in 2009 with the ten major heavyweight botnets, including Cutwail, Rustock and Mega-D, now controlling at least five million compromised computers.
Bredolab Trojan Dropper: The Cutwail botnet used its strength to spam out emails containing the Bredolab Trojan dropper, disguised in the form of a .ZIP file attachment. One of the major threats of 2009, the Bredolab Trojan was designed to give the sender complete control of the target computer, which could then be used to deploy other botnet malware, adware or spyware onto the victim's computer. The percentage of spam distributing the Bredolab Trojan dropper increased steadily in late 2009 and reached its highest levels in October 2009, when it was estimated that approximately 3.6 billion Bredolab malware emails were in circulation.
Conficker/Downadup: While the Conficker worm originated at the end of 2008, an update to the malware on 1 April 2009 provided additional functionality for it to better evade detection. Conficker is of particular concern because it has not yet been identified how the infected machines will be used. The Conficker Working Group, which has contributed to minimizing the role this malware potentially played in 2009, estimates that the infected machines total more than six million computers.
Global Credit Crisis Offers Fodder for Spam: The credit crisis generated many new finance-related attacks as spammers and criminals sought to take advantage of the uncertainty surrounding the global economic downturn. In February, much of the early recession-based spam arrived as messages containing hyperlinks to a number of major well-known search engines.
CAPTCHAs: CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) came under increased scrutiny this year as CAPTCHA-breaking tools have been readily traded in the underground economy, allowing cyber criminals to create large numbers of real accounts for webmail, instant messaging and social networking websites.
To download the MessageLabs Intelligence Annual Report in its entirety, please visit: http://www.messagelabs.com/intelligence.aspx
Follow us on Twitter: @MessageLabs