First I wanted to mention that in 2009, pageviews to the blog went up by about 74% over 2008. Although I had hoped for 200,000 pageviews this year, we fell a bit shy of the mark. As of December 26th, we've had 125,983 unique visitors bring us 192,409 pageviews in 150,722 visits.
Google was the primary way that people found our stories, and I am grateful to the folks at Google for hosting the blog again this year. After Google, the #2 referrer to the site was Facebook. Its nice to see people on Facebook warning each other about security risks and sharing links to the blog with each other. #3 was Twitter. Although I have a bit more than 550 followers on Twitter, its also been nice to see a large number of retweets with links back to the blog. Thanks to all the Facebookers and Twitterers who have been sharing our stories with their friends and followers.
2009 Top Stories by Readership
1. Webmasters Targeted by CPanel Phish - many hosting companies and webmaster organizations helped spread the word about this unique phishing attack that wasn't trying to steal banking passwords, but rather webmaster passwords. The goal of the attack was to compromise the login credentials that allow webmasters to change their webpages, which is exactly what we've been seeing this week. Thousands of accounts being taken over so that their webpages could be injected with malicious iframes to compromise visitors to existing websites with a "clean" history.
2. Fake FDIC spam campaign spreads Zeus malware - one of the most prevalent ways to steal identities this year was to begin with a broadly targeted social engineering scare which enticed visitors to click links that would lead to malware. In this case, the spam warned "Your bank has failed!" and provided a link to your "personalized FDIC report" to determine if your deposits were covered by insurance.
3. Computer Virus Masquerades as Obama - despite being a November 2008 story, websurfers continued to follow links to our story about malware being distributed in links that claimed to be messages from our President.
4. DownAdUp, Conflicker, Conficker whatever you want to call it, this worm drew tons of attention from January until March. Then, after what most consider an April 1st "flop", the worm got very little media attention. This is largely because of the successful efforts of the Conficker Working Group which has worked behind the scenes to keep the malware at bay and to warn network operators. Most don't realize that there are still more than 6 million Conficker-infected computers in the world.
5. Outlook Web Access and Fake Microsoft Outlook Update both drew large amounts of attention as spammers took advantage of the popularity of Microsoft's mail software to trick users into downloading malware.
6. Gumblar's 48,000 compromised domains make the web a dangerous place was also a popular story. Sharing details about the IFRAMES injected into the compromised webpages helped webmasters to know that they were part of the attack.
7. The IRS version of Zeus was one of several stories where the distributors of the Zeus password-stealing software used government based spam campaigns to fool email recipients. They also imitated the Centers for Disease Control, the Social Security Administration.
8. One on-going trend that we've seen was covered in our story Carders Do Battle Through Spam. These battles, which I call "pigeon fights", involve a spammer sending out false and very criminal accusations against another online criminal group. In this case, there was a bit of truth, as the spam claimed that carder.su sells illegal credit cards, while in other cases they may be accused of terrorism, child pornography, or human traficking. The goal seems to be to get enough law-abiding citizens to report the horrible spam they got to focus law enforcement attention on a competitor.
9. Its nice to be able to share good news in our blog, and the best kind of news is when cyber criminals get arrested. Our story The FBI's Biggest Domestic Phishing Bust Ever covered Operation: Phish Phry, where more than 50 Americans and a number of Egyptians were arrested as part of an international phishing conspiracy that had stolen funds from more than 5,000 American bank accounts.
10. Our next largest story was the coverage we offered to a Spam Crisis in China. That one is not over yet, but a major step forward was accomplished this month when CN-NIC announced new rules on domain registrations. We'll be reviewing the results of these rules, which limit the fraudulent use of ".cn" domains, to determine what impact the changes are having on spam so far.
Other stories that received high volumes of traffic included:
* - Koobface Wrecks Search Results. Koobface remains one of the greatest cyber threats we're currently facing.
* - Several stories about the Waledac malware, including a Couponizer version of Waledac, an SMS Spy Waledac, a Dirty Bomb in Your City Waledac, and an Independence Day Waledac.
* - I continue to be contacted daily by people who have been hit by a Traveler Scam claiming a stranded friend needs money. Most of these are Nigerian account takeovers of Hotmail, Live.com, and Yahoo email addresses which are then used to email all the friends found in the address book.
* - and of course the Erin Andrews / Twitter / Naked Newscaster story, which will continue to get traffic forever because it has the word "naked" in the title.
Thanks to Those who Link to our Stories . . .
We've had some faithful friends who have been kind enough to mention the blog. I probably should have run this as a separate story at Thanksgiving time, but for all of you listed below, Thank You! Whether you are security experts, journalists, or fellow bloggers, I am happy to count us all on the same team.
the Internet Storm Center at SANS has linked stories several times from their Handlers Diary. These selfless individuals donate their time to track emerging threats and from time to time share stories from this blog with their readers. They have an enormous readership based on the impact to this blog when one of our stories is mentioned there. Traffic-wise, it is better to show up in the SANS ISC Diary than to be Slash-Dotted!
Brian Krebs of the Washington Post continues to be the most influential journalist in the Internet Security space and has been kind enough to mention our stories on several occasions in 2009. His legendary leadership in the McColo campaign has changed the way the world looks at evil web hosting, but his constant awareness of what's happening in cybercrime has also kept him at the forefront of investigative journalism in our space. I can't wait to see what Brian does in 2010!
UAB's Computer & Information Sciences department has also driven considerable traffic to the blog - and not just from my students! Our unique offering of a certificate in Computer Forensics that combines the disciplines from Criminal Justice, Forensic Science, and Computer Science is gaining popularity as the correct approach to preparing cybercrime investigators for their career.
The Composite Blocking List sent us traffic all year long, but mostly from a single story, which was their definitive coverage of the effects of the McColo shutdown on spam. Using a blocklist like the CBL, SpamHaus SBL, or SURBL is highly recommended anti-spam practice.
Ryan Naraine and Dancho Danchev should be on every security person's Google Reader list. With a nice mix of straight security and cybercrime, the consistency and quality of this blog drives a lot of traffic when we get a nod from them.
Security.NL is one of the most consistent referrers to the blog and drives a lot of traffic our way. Last year they linked to our blog thirty separate times! Since I don't speak Dutch, I can only hope that a "beveiligingsexpert" is a good thing, because they say I am one! Thanks for making sure our friends in the Netherlands are on top of cybercrime and security issues!
IDG's Robert McMillan also is a journalist who is breaking an enormous number of cybercrime stories, although its harder to quantify the number of referrals from his blogs because they show up as links from PC World, ComputerWorld, Network World, Linuxworld, CIO, CSO, InfoWorld, and the foreign language versions of so many of those as well. Bob is another hard-working cyber security journalist who often exposes me to new stories that end up being covered in this blog. Thanks, Bob!
The Register also continues to break stories regularly on cybercrime issues, and has frequently sent traffic our way - especially in stories from Dan Goodin and John Leyden.
SC Magazine continues to grow in popularity and influence as well, and we've been favored by mention several times this year from Dan Kaplan. He's a journalist well worth following! It was also great to work with their editor, Illena Armstrong, on the SC 24/7 Virtual Symposium on botnets.
Thanks also to some others who regularly send traffic to this blog:
Security Focus: Headlines
SiL at InBoxRevenge and all the great anti-spammers there . . . (and also SiL's blog, I Kill Spammers.)
the Malware Domains List and their forums.
ThreatChaos blogger Richard Stiennon
and our friends at HK CERT, Simple Machines, Dark Reading, Le Monde, New York Times, ComputerForensicsBlog, PGP Blog, Naver Blog, and all the rest . . .