I'd rather spend this morning looking back on 2008, and some of the highlights that we discovered at UAB Computer Forensics as I and my staff spent the year analyzing spam, phishing, and malware and sharing what we found with you.
Last year we shared 102 Blog entries with you. Rather than tell you what *I* thought was most interesting, I thought I'd share with you what *YOU* seemed to think was the most interesting, based on the visits to each blog entry.
We'll hit these Top Ten Style . . . which means we start with . . .
Internet Landfill McColo Corporation
November 12, 2008
Perhaps one of the top accomplishments by "the good guys" this year was the closing of McColo. This story coined the term "Internet Landfill" to describe those networks which exist only to host trash, filth, and crime on the Internet. Championing journalist Brian Krebs led the charge, and the Internet should send him a big Thank You. Perhaps more important than shutting down McColo, which resulted in a 2/3rds drop in spam volumes world-wide, was the proof that we CAN do something about spam if we work together.
Demise of Index1.php PornTube Video malware
Enom Phishing Continues
October 29, 2008
Both Enom and Network Solutions, two major network domain registrars, had phishing campaigns against them back-to-back. We believe this led to quite a few domain takeovers later in the year, including financial services company CheckFree. Using the stolen userids and passwords for the people who rightly control the domain name information, criminals logged in and redirected dozens of domains to a server they controlled.
CNN Lends Authenticity to News Spam
August 7, 2008
After several weeks of fake news headlines tricking readers into clicking on links which infected their computer, the spammers got a huge boost in their infection rates when they began to imitate CNN.
Anti-Virus Products Still Fail on Fresh Malware
August 12, 2008
Three examples in this blog showed that current anti-virus products fail miserably when detecting fresh spam. Some of our examples, "in the wild" as evidenced by us finding them in our spam, were detected by as few as 5 out of 36 anti-virus products tested.
Governor Palin's Email Security Questions in the Facebook Age
September 22, 2008
When 20-year-old David Kernell broke into Governor Palin's Yahoo account by Googling up the answers to her security questions, we took a minute to point out how foolish this security practice is in this time when everyone's personal information is online.
More than 1 Million Ways to Infect Your Computer
December 23, 2008
A criminal uses malware to load thousands of websites with search terms linked to open redirectors on many websites, including Microsoft.com and IRS.gov. This results in many search terms showing up in Google with the number one hit being a redirector that will infect the visitor with a fake anti-virus.
Storm Worm: Amero to replace Dollar?
July 22, 2008
Remember the Storm Worm? In July it pretended to be a warning that the US Dollar was being replaced by a gold coin. The continued popularity of this page actually has nothing to do with security. Rumor after rumor has circulated that the "Amero" proves that Bush was planning to merge Canadian, US, and Mexican currencies, and desperate tinfoil hat types keep Googling up my page.
Computer Virus Masquerades as Obama Speech
November 5, 2008
A criminal who has been stealing userids and passwords since May gained perhaps his biggest collection yet as he created a fake Obama acceptance speech which was widely spammed the morning after the election. If anyone visited the website to view the video, they would be trojaned and begin sending all of their login data to a computer in the Ukraine. This same criminal did dozens of spam and social engineering campaigns this year, primarily pretending to be a new "Digital Certificate" for your bank.
MSNBC "Breaking News" replaces CNN Spam Wave
August 13, 2008
One of the tricks the spammers used to get people to infect themselves was to promise to show them videos. We later found malware which actually searched real news sites to select headlines which were then stuffed into the spam messages to give the spam timely relevance to the spam readers. When the spam began imitating MSNBC's Breaking News alerts, even more people found themselves infected, causing their own computers to begin sending spam as well.