A Retrospective of 2005

This has been an interesting year for viruses. Most viruses have been recycled worm routines, incorporating lists of the newest (and some old) Windows OS and software exploits. The most popular method of distribution is via email, usually zipped up to fool antivirus filtering.

For the most part 2005 has been very uneventful with viruses. Yes, we've seen the occasional downtime, but business data availability and integrity has not been our primary concern. This time the virus writers are getting smart, and go right where it hurts the most: Confidentiality. Most of the worms are dropping trojans and spyware. This malware works together to create Botnets (zombie networks) that upload financial and user account information to an attacker's command server (usually a public IRC chat room) and/or distribute spam. The timing couldn't be more worse as government regulations around the world are enforcing the cofidentiality of private customer information with high penalties of failing to do so.

Next on our list of prevalent activity is the use of Phishing scams to lure end-users into revealing their account information. It is a different tactic but same result. The attackers gain access to your financial information by tricking you into providing a username and password (and sometimes credit card or checking account number) at a fake login screen.

In both cases - phishing and email worms - the fault lies with people. This is where awareness training becomes so important. Administrators can't block password protected ZIP files without impeding workflow, and you can't block every phishing email without also impeding electronic communication. Your best strategy is to periodically warn your users about such threats and verify that they understand what shouldn't be opened and the consequences if they do. When in doubt, ask the Administrator!