MALWARE HISTORY

2005

One of the most interesting security threats of 2005 was the so-called worm for instant messenger (IM) applications.


IM services had become so popular that almost every PC user around the world was using them. Although a few IM worms had been detected long before 2005, their number increased significantly during the year.

The first significant outbreak of 2005 took place in August, when the Win32.Worm.Zotob.A worm and some of its variants (such as Win32.Worm.Zotob.D) started infecting US-based computers. The worm exploited multiple security vulnerabilities in the Windows 2000 operating system in order to spread across the network. Although the damage was reportedly in the region of $97,000, American mass-media outlets proclaimed it a large-scale disaster. This is mostly because the worm infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc.

October 13 brought a new surprise in the form of the Samy XSS worm (also known as JS.Spacehero). This cross-site-scripting worm was specifically tailored to spread through the extremely popular MySpace social-networking site. The Samy worm also carried a payload that displayed the string "but most of all, Samy is my hero" on a victim's profile. According to a MySpace report, the XSS worm managed to infect over one million users.

Samy's author was identified as Samy Kamkar. MySpace filed a felony lawsuit against him. Kamkar was sentenced to three years' probation, 90 days of community service and an undisclosed amount of restitution.

A huge scandal began on October 31, when Sony BMG was found to have knowingly shipped music CDs with a rootkit in order to prevent illegal copying of music. The company had started protecting its audio CDs with a new technology called Extended Copy Protection (XCP). This piece of software was automatically installed on the customer's computer each time the disc was inserted into the CD-ROM drive. Although Sony BMG had planted the rootkit (Bitdefender identifies it as Win32.Sony-DRM-HiddenFile) with no intention of harming the user, the security community pointed out that XCP interfered with the normal way in which the Microsoft Windows operating system played audio CDs and that it opened additional security holes that could be exploited by malware.

Sony BMG was accused of having planted spyware on its customers' machines. The company was taken to court in a class-action lawsuit. Moreover, Sony BMG had to recall all the affected music CDs.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
