2006: The year in security
A look at the Top 5 security stories of the year, including cybercrime, phishing, and spam
Follow @infoworldThough Internet-crippling virus attacks now seem to be a thing of the past, PC users didn't feel a lot more secure in 2006. That's because online attacks have become more sneaky and professional, as a new breed of financially motivated cybercriminals has emerged as enemy No. 1.
Microsoft patched more bugs than ever and whole new classes of flaws were discovered in kernel-level drivers, office suites, and on widely used Web sites. Vendors' chatter about security is at an all-time high, but the bad guys are still finding lots of places to attack.
And, oh yes, spam is back.
Following are five of the top computer security stories in 2006.
Cybercrime dividends
Hackers teamed with professional criminal gangs in increasingly sophisticated computer crime operations aimed purely for profit. Much of the trouble centered on phishing, a type of attack where fake Web pages are constructed to harvest log-in details, credit card numbers, or other personal information. Credit card numbers are often sold online to others for illicit gain.
In May, 20,000 phishing complaints were reported, a 34 percent increase over the previous year, according to U.S. Department of Justice report. The U.S. hosts the largest percentage of phishing sites, it said.
But law enforcement agencies are getting more organized and cooperating better, particularly in international investigations. At least 45 countries participate in the G8 24/7 High Tech Crime Network, which requires nations to have a contact available 24 hours a day to aid in quickly securing electronic evidence for trans-border cybercrime investigations.
The private sector has also helped. Microsoft filed dozens of civil suits and gave information to law enforcement for criminal cases in Europe, the Middle East, and the United States against alleged phishers throughout 2006.
It's a brand new 0day
With automatic software updates now the norm, hackers have been forced to look a little harder for ways to put their malicious software on unsuspecting victims' PCs. In 2006 they turned to zero-day attacks as never before.
These attacks take advantage of previously unreported flaws in software, and in 2006 they became a top concern, according to the SANS Institute. In fact, hackers kicked off the new year in 2006 by releasing zero-day attack code based on a flaw in the way Internet Explorer handled WMF (Windows Meta File) documents.
This was followed, later in the year, by a rash of very targeted online attacks that exploited unpatched flaws in Microsoft's Office software. In fact, Microsoft warned of the latest such attack -- this one targeting a flaw in Word -- just this Tuesday.
To underline the scope of the zero-day problem, security researchers launched widely publicized "Month of Kernel Bugs" and "Month of Browser Bugs" projects, during which they exposed a new, unpatched vulnerability in browsers and operating systems every day for a month.
Spam avalanche
