Review of 2007: Lost in translation
- SC Magazine, February 2008
Large-scale data breaches across both the private and public sectors dominated the news throughout the year. Rob Buckley looks back.
JANUARY
Systems administrators got their usual New Year's greeting - a new worm that installed variants of Tibs, Nuwar, Banwarum and Glowa as well as two rootkits. Welcome to 2007.
And that was only the first outbreak of the month. A fourth zero-day vulnerability was found in Word, while the malware of the year, the Storm Worm Trojan, took advantage of bad weather in Europe, promising news of storm fatalities but only providing its creators with backdoors on to thousands of PCs.
Despite these bad omens, things were looking up for IT security, with the first jury conviction of a spammer under the US's CAN-SPAM Act and a drop in spam levels. Cisco made moves on IronPort Systems, while Symantec pledged $830 million (£400 million) for IT management software company Altiris.
But while the world looked on distracted as Gordon Brown took time out from his tour of India to apologise for Celebrity Big Brother's treatment of Shilpa Shetty (pictured), a new Bluetooth hacking tool came out, and Finjan was busy predicting a rise in complex code attacks.
In short, 2007 was shaping up to be the year when hackers went truly global and started to look for other ways past security.
FEBRUARY
Despite featuring the fourth annual “Safer Internet Day”, February proved no safer than any other month. An old vulnerability reared its ugly head in a new OS, as Vista proved susceptible to takeover via its speech recognition software. Meanwhile, a new vulnerability appeared in an old OS, with Solaris's Telnet proving to be compromisable.
But it was new attacks that really grabbed the headlines - when they could get past Britney Spears' shaved head (pictured in her happier days). RSS proved syndicating XSS was really simple. JavaScript turned out to be capable of resetting the DNS settings of certain routers. Another zero-day flaw in Word was uncovered, as well as a remote exploit in Office 2007. And an attempt to deny service to the web's DNS system was nipped in the bud - although some theorised it was only a trial run.
After January's period of grace, the ritual of laptop theft began anew, with one stolen from a New York state tax auditors' apartment containing personal details of hundreds of people. The Nationwide building society was fined £980,000 for losing a laptop in 2006.
MARCH
Remember that drop in spam levels mentioned in January? Three-quarters of all messages were now reported to be spam, following a fifth consecutive month of increases. Just goes to show it all depends on who you talk to ... Porn spam was at an all-time low, but anyone thinking that it wasn't going to come back in another form would be proven extremely wrong.
Almost to prove their own cleverness, hackers came up with a new kind of exploit in March: a flaw in Windows' animated cursors function, while spammers took advantage of blogs' trackback functions to launch their own brand of mischief. VeriSign warned that HTML injections blended with rootkits are set to become a new form of attack.
