Security 101: Look back to advance

The security landscape may be rapidly evolving, but the clue to standing a better chance in the fight against threats could be in looking back, not forward.
Chia Wing Fei, F-Secure's senior security response manager, pointed out in an e-mail interview that today's threats share themes such as stealth, sophistication and financial gain.
Eric Chong, regional marketing director at Trend Micro, said in an e-mail that cybercriminals have evolved their modus operandi not only in coming up with variants to penetrate existing security measures, but also by mirroring attacks "with the way users think about and use technology in day to day communication". For instance, attacks around a decade ago were via e-mail attachments; today, attackers have moved to shared devices and social networking platforms on the Web.
Yet, according to Paul Ducklin, Asia-Pacific head of technology at Sophos, "modern cybercriminals aren't as novel and inventive as we sometimes credit them with being".
Malware: The first signs

Paul Ducklin, Asia-Pacific head of technology at Sophos, highlights to ZDNet Asia some of the milestones, and interesting lessons, in the security landscape.
January 1975: Systems programmer John Warnock--who later founded Adobe--tires of sending out tapes of his popular Univac computer game, Animal, and instead sends out a self-replicating version. It soon turns up, as if by magic, on Univacs all around the United States. Technically, this was the first computer virus.
April 1989: Panama-registered PC Cyborg Corporation mails out more than 10,000 diskettes worldwide containing so-called Aids information software, which many people try out. But after 90 days, the program scrambles the hard disk and demands a US$378 licensing fee--marking the first widespread ransomware.
Users ought to set high trust standards before using software from an unknown publisher, and always read and understand the terms and conditions.
December 1987: A German prankster e-mails seasonal greetings to IBM mainframe users. The message contains a script virus--it appears to be an innocent program that draws a Christmas tree, but it also forwards itself to the recipient's address book and to contacts in his or her e-mail history. As a result, the EARN and BITNET IBM mainframe-based academic networks were temporarily overloaded with traffic. Indeed, booby-trapped e-mail messages have been around for over 20 years.
November 1988: Robert Morris releases a fast-spreading "blended threat" virus on the Internet. Using three different exploits, his code spreads so fast that the Net is almost crushed. Modern threats such as Conficker succeed by exploiting the same sort of holes--computers that have not been patched and poor passwords.
People, he noted in an e-mail, fail to learn from the past and end up falling victim to newer threats. "Modern threats like Conficker succeed by exploiting the same sort of holes, for example unpatched computers and poor passwords, as the earliest network malware," he pointed out.
Alwin Ow, Symantec's senior director of systems engineering in Asia-Pacific and Japan, concurred. "So far this year, Symantec has observed that older attack techniques have resurfaced and are part of the methods used in several recent and highly publicized threats such as Koobface, Conficker and Trojan.Dozer."
In an attempt to get a better handle on current and potential attacks, ZDNet Asia asked Trend Micro which five cyberthreats it perceives to be the most dangerous of the last decade, and why.
1. Conficker or Downadup
Termed Downad by Trend Micro, the first variant of the worm appeared in November 2008, targeting the MS08-067 vulnerability. It spawned several other variants, each an improvement over the last. New propagation avenues were added, including USB drives. The worm has successfully generated 50,000 domains, of which it has connected to 500, noted Chong.
Symantec's Ow added, however, that the first Conficker variant did not quite achieve the level of disruption it was capable of. The estimated infection was 500,000 "due to an aggressive infection routine and a sophisticated exploitation algorithm, which makes use of geolocation and OS fingerprinting", he explained.
2. Koobface
The Koobface worm first appeared in August 2008, targeting social networking sites such as Facebook by infecting user profiles. Koobface possessed a dynamic update capability, allowing it to spread to other social networking sites and perform more malicious routines.
3. Zbot
The Trojan variants infect machines via e-mail or Web exploits. Underground research and documented cases reveal Zbot to be a thriving business where infected computers give up their owners' personal information--including credit card data--to remote servers run by cybercriminals.
Zbot variants are especially damaging due to their ever-changing social engineering techniques, according to Trend Micro.
4. Slammer
The worm is notorious for drastically slowing down general Internet traffic in 2003 despite being a single-packet, memory-resident worm with no file system component. It exploits a buffer overflow bug in MS SQL Server and Desktop Engine for which a patch was already available, and its after-effects are still observed today.
5. I Love You
The Loveletter virus, also known as Love Bug, plagued inboxes in 2000 and infected some 10 percent of computers worldwide, with each system harboring an average of 600 infected files. It had a destructive payload, overwriting files with multimedia file extensions.