Internet worms record rapid global growth
Major security developments in 2009 included Conficker, the most damaging networking worm for years. Conficker spread fast in computers using the Windows XP operating system which had not been patched with a late 2008 Microsoft update. Conficker caused serious problems for many companies and public institutions around the world.
Unlike many previous worms that were released in the wild for personal fame, Conficker was designed to call home and create a botnet of infected computers – a potentially profitable commodity for the authors of the worm. The Conficker Working Group prevented the worm from reporting home and establishing a powerful botnet. Nevertheless, millions of computers still remain infected with Conficker at the end of 2009.
This year has also seen the launch of the Windows 7 operating system as a replacement for Windows Vista and Windows XP, which were both affected by major security concerns. Windows 7 shows promise as a leaner, more secure operating system, and also has an improved user security experience compared to Vista. The focus on a better user experience and improved security is also one of the important trends in 2009, coinciding with the emergence of netbooks.
In 2009 smartphones have become more popular and more powerful than ever. Smartphones are increasingly used for Internet based activity, including social media, which itself experienced substantial growth in the past year. Much of this has been driven by the iPhone and other touchscreen smartphones.
At the end of 2009 jailbroken iPhones became a target for the first profit-motivated malware on this platform. The speed of the malware evolution for jailbroken iPhones is a telling sign of the times. The news of a Dutch hacker exploiting a jailbroken iPhone vulnerability was quickly followed by an Australian boy writing a worm that tried to “teach people a lesson’ for not changing their default SSH password. The first stealthy worm for jailbroken iPhones then emerged almost immediately, designed to create a mobile botnet and gain access to online banking details.
Mikko Hypp?¶nen says, “In 2009 criminals have shown that they have an insatiable appetite for online resources which can be turned into commodities. Their botnets are being used for search engine optimization attacks, for pushing rogue security software, and for hosting websites that drive consumers to scams and drive-by downloads.”