  
                   
                  2004: Good and Bad for Security
                    
                  From a sharp increase in phishing 
                  scams to high-profile arrests, here's what made news this 
                  year. 
                  
                   Paul Roberts, IDG News Service 
                  Monday, December 27, 2004 
                  Experts agree: 2004 was the best of times 
                  and the worst of times for those concerned about security. It 
                  was a year with high-profile arrests of virus authors and an 
                  explosion of online crimes, from cyber-extortion to identity 
                  theft; a year in which ISPs won millions in damages from 
                  spammers, and spam messages increased by 40 percent. 
                  
                  In hindsight, 2004 may be looked back 
                  upon as the year that a long tradition of hobbyist hackers and 
                  flashy, but harmless, viruses gave way to shadowy, 
                  professional online crime syndicates. The professionals were 
                  armed with virulent new threats designed to separate Internet 
                  users from their cash, according to interviews with leading 
                  security experts. 
                  With that in mind, here's a look at some 
                  of the most important technology security stories and trends 
                  of the last year: 
                  
                  Phishing: For Phun and Profit 
                  Online identity theft through phishing 
                  scams was the runaway security story of 2004, due to the 
                  explosive growth in such attacks. 
                  Phishing scams are online crimes that use 
                  spam to direct Internet users to Web sites controlled by 
                  thieves, but designed to look like legitimate e-commerce 
                  sites. Users are asked to provide sensitive information, often 
                  under the guise of updating account information, which is then 
                  captured by the thieves. 
                  E-mail security vendor MessageLabs 
                  blocked an insignificant trickle of 279 such scams in 
                  September 2003. By September 2004, that trickle swelled to a 
                  flood of more than 2 million messages, according to a 
                  statement from the company. In all, MessageLabs says it 
                  blocked 18 million phishing e-mail messages in 2004. 
                  The Anti-Phishing Working Group watched 
                  the number of reported phishing Web sites increase by an 
                  average of 28 percent each month 
                  between July and November. The average phishing Web site 
                  operated for six days before being shut down, according to 
                  Peter Cassidy, secretary general of the group. 
                  "Phishing has really exploded, it's been 
                  one of the biggest problems we've had," says Mikko Hyppönen of 
                  Finnish antivirus company F-Secure. 
                  
                  Achilles, Get Your Gun 
                  Not since the days of Ancient Greece have 
                  Trojans been as much a part of popular conversation as they 
                  were in 2004, when an explosion in Trojan 
                  horse programs turned countless Internet-connected 
                  computers into tools for malicious hackers and international 
                  online crime organizations. 
                  Carried on the back of e-mail and 
                  Internet worms, an eye-popping parade of backdoor Trojans 
                  has marched onto vulnerable computers since January. 
                  One typical example is the ubiquitous 
                  RBot, a Trojan program that spreads using a number of methods. 
                  The program can collect system information, download and 
                  execute files, launch a denial-of-service (DOS) attack, and 
                  even remotely control a connected Web cam. 
                  RBot-A, the first version of the 
                  worm-like Trojan, was identified in March 2004. The latest, 
                  RBot RN, was identified on December 13, according to U.K. 
                  antivirus company Sophos. In just nine months, there were 480 
                  different versions of the Trojan. 
                  Trojan horse and backdoor programs are 
                  not new, but the rapid growth in their use in 2004 was a 
                  product of cooperation between virus writers, online criminals 
                  and spammers, says Jesse Villa, technical product manager at 
                  Frontbridge Technologies. 
                  Trojans have been silent actors in a 
                  number of high-profile crimes, including the theft in 2003 of 
                  source code for the "Half-Life 2" video game. A Trojan horse 
                  program named Banker-AJ infected computers and waited until 
                  users visited online banking sites, at which point the program 
                  logged user keystrokes and captured account information, says 
                  Gregg Mastoras, senior security analyst at Sophos. 
                  More Trojans have also led to an increase 
                  in the number of "botnets," distributed networks of 
                  compromised machines that act as "zombies" in spam campaigns 
                  or DDOS (distributed DOS) attacks. 
                  "At the end of last year we knew of about 
                  2000 botnets. Towards the end of this year, we're looking at 
                  about 300,000," Villa says. 
                  Those networks range from 100 infected 
                  PCs to networks of thousands of zombie computers, which are 
                  rented out to aspiring spammers or for targeted DOS attacks 
                  used in online extortion rackets, Villa says. 
                  "Bots have largely gone ignored," says 
                  Hyppönen. "You don't see alerts on bots, however they have 
                  probably been a bigger problem [than viruses]." 
                  
                  Police and Patches 
                  But the news wasn't all bad. While online 
                  crimes skyrocketed in 2004, there were also a number of 
                  high-profile arrests of those involved in cybercrimes. 
                  In May, German authorities arrested 
                  18-year-old Sven Jaschan, who admitted to creating and 
                  releasing the Netsky and Sasser Internet worms, and a 
                  21-year-old German man who admitted to creating the Agobot and 
                  Phatbot Trojans. 
                  There were other victories as well, 
                  including the June arrest of those believed to be behind the 
                  2003 "Half-Life 2" source code theft and a September 
                  arrest of a man believed to be connected to the theft of 
                  source code belonging to Cisco Systems. In October, the U.S. 
                  Department of Justice arrested 19 people in connection to an 
                  online "carding" ring that traded information about stolen 
                  identity and credit card information online. 
                  In 2005, some combination of tougher law 
                  enforcement and tighter security is the best way to stem the 
                  tide of malicious and criminal behavior online, experts 
                  agree. 
                  To stop identity theft, banks, e-commerce 
                  companies and consumers need to look hard at strong user 
                  authentication technology, says Sophos' Mastoras. 
                  "In the [European Union], banks are 
                  already moving away from static passwords. I think that will 
                  be a trend that will happen in the U.S. as well," he says. 
                  E-mail sender authentication technologies 
                  such as Domain Keys from Yahoo and Sender ID from Microsoft 
                  need to be broadly adopted--a move that would make life 
                  tougher for those behind phishing scams, which often use 
                  forged e-mail sender addresses to trick unsuspecting e-mail 
                  recipients, says Mastoras. 
                  ISPs also have to begin sharing what they 
                  know about Internet attacks and compromised computers on their 
                  networks, Villa says. 
                  "This is a long term problem and we have 
                  to work together to combat it," he says. 
    
                  
 
  
                  
  
                  
                  
                  