The security evolution

Viruses have been around almost as long as computers, and even though anti-virus is now only one of the smallest parts of the security landscape the reality is that security is a perennial IT issue that will not be going away any time soon. One of the reasons for this is that it’s a fast moving target, the nature of security threats change over time and the security landscape in 2003 was radically different to today.

Cyber-crime is no longer the domain of teenage hackers seeking notoriety by wreaking havoc on the Internet, says Phil Vasic, A/NZ country manager, Websense. “Organised criminal gangs are using the web for financial gain – attacks are now invisible and information is being stolen without the victims even knowing. Techniques are continuously evolving and have become ever more sophisticated. In the past five years, there has been a massive increase in targeted phishing and pharming attacks, and the use of spyware, botnets and keyloggers.”

According to MessageLabs product marketing manager, Philip Routley, 2003/4 represented the high water mark for malware created by disaffected geeks seeking notoriety and the script kiddies who try to emulate their exploits. “In January 2003 Sobig arrived on the scene, followed by Sobig.f in July causing numerous global ISPs to strain under the email load generated. Post Sobig, a whole slew of copycat viruses with names such as Mydoom, Sober, Bagel, Netsky dominated the IT press throughout 2004.”

After this series of outbreaks, malware became increasingly driven by organised crime seeking to make money and in late 2006 security companies were seeing the next new threat evolve – botnets. A botnet is a large number of compromised computers which can be used to create and send spam or viruses or flood a network with messages as a denial of service attack. The computer is compromised via a Trojan and there is a thriving botnet business selling lists of compromised computers to hackers and spammers. The early botnets were primitive but over time they have become incredibly complex.

“Sparthru, a new Trojan, appeared late in the year,” says Routley. “This Trojan was unique in that it had in-built peer-to-peer technology so that all the infected bots could theoretically communicate with each other, it contained its own AV engine in order to displace one’s bot competitor and each individual bot was also armed with a template and a swathe of email addresses so it could function independent of the connection to the bot header software.”

evolution security the