Consumers continued to face online threats to their personal data and finances in 2008 from bigger, badder botnets to scams exploiting the economic downturn to more security holes in trusted sites.
But some quick action on the part of a security researcher and collaboration among Microsoft, Cisco Systems, and other companies in simultaneously releasing patches for a major flaw in an important protocol likely prevented a major attack on the Internet.
Dan Kaminsky, director of penetration testing for IOActive, warned security software vendors about the problem with the Domain Name System that translates Web addresses into numerical Internet Protocol addresses in a secret meeting in March. And on July 8 vendors released their patches in an unprecedented, synchronized effort. While the efforts may have staved off a complete shutdown of the Internet, the flaw was still exploited in small, random attacks after the patches were released, Kaminsky said in August.
Meanwhile, popular sites like Facebook became attractive targets for virus writers. The Koobface virus spread by luring victims with supposed videos of themselves, while another worm on Facebook also used what looked like a video link to get people to download malicious code. Facebook was also forced to suspend at least one application after its developers failed to obey privacy settings set by users and exposed private data. Researchers estimate that as much as 85 percent of malware is now distributed via Web apps.
Malware jumped after the credit crisis forced the closing and consolidation of banks and other companies starting in the early fall. One report found a direct correlation between the fall of the stock market and the rise in malware. The targeted attacks include fake antivirus software scams that trick consumers into making an online transaction and phishing e-mails aimed at people whose bank had merged with another one, like Chase and Washington Mutual.
Botnets continued to plague the Internet, with millions of innocent computers being turned into zombies that unleash spam and other attacks. The Storm botnet enjoyed its heyday, to be replaced by Srizbi and others. However, officials were able to shut down a major botnet hoster, McColo, in November, which led to a sharp drop in spam, at least for a while.
PCs weren't the only targets for malicious hackers. Threats against newer gadgets and devices rose this year. Apple was forced to fix several holes that would allow people to compromise a password-locked iPhone and do things like view incoming SMS messages and launch applications, as well as make phone calls. Meanwhile, the ubiquity of USB thumb drives meant it was only a matter of time until they were used to spread viruses.
For the first time ever, a security company reports a decrease in the number of Storm botnet-related e-mail.
Holes in Facebook had allowed anyone to see your birthday, relationship status, gender, and other personal information on the Top Friends application.
A fundamental flaw within the Domain Name System is being addressed by multiple vendors.
Federal judge grants the state of Massachusetts' request to prevent three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.
Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected.
One quarter of IT administrators surveyed say data has been compromised by a Web-based threat and one-third cite employee use of social networks and other sites at work.
PandaLabs statistics show how cybercriminals are taking aim at confused consumers in a time of economic uncertainty.
Experts say McColo-hosted sites may have been responsible for as much as 75 percent of the spam on the Internet.
Software giant drops its paid Windows Live OneCare service in favor of a free consumer software focused on protecting PCs against malware.
Verizon Wireless tells Obama reps that its workers improperly accessed records of a cell phone the president-elect used recently, exposing calls and phone numbers but not e-mail.
Defense Department suspends use of USB drives as experts warn of USB-related virus outbreaks.
Connecticut officials may seek another trial after felony charges are dropped against a teacher accused of showing Internet porn to students in class, despite evidence that the culprit was spyware.