The year 2009 will be remembered as the year of Conficker, the first iPhone worm and the year Microsoft released Windows 7, according to Security firm F-Secure.
Speaking at an end of year wrap, F-Secure chief research officer, Mikko Hypponen, said 2009 was an exceptional year in IT security.
“We never see huge malware outbreaks anymore — except this year we did,” he said “Conficker peaked with over 10 million infected computers around the world and at the end of 2009 is still in millions of computers.
“This was very advanced malware using several tricks we have never before seen. [It was] a massive botnet not being used by the malware operators for anything useful and we still don’t the real story behind Conficker and that makes it one of the biggest mysteries in the history of malware.”
Hypponen said 2009 was also notable for the exploitation of the trust inherent in social networking sites, search engine optimisation poisoning and the prevalence of rogue antivirus applications.
“A few years ago the most common way of getting infected was email… today it is through surfing the web and now we are seeing more and more attacks misusing the attacks the trust within social networks,” he said.
“Most of the traffic going to malicious sites are actually generated with search engine optimisation attacks where the attackers seed the search engine with popular search terms so that searchers end up on the wrong sites and their computer ends up being take over. More often than not what the computers are used for is rogue security programs.”
The emergence of the first iPhone worm was also another major milestone during the year, Hypponen said. “The iPhone worms we have seen so far don’t really target the iPhones by themselves — they target jailbroken phones where the owner of the phone has broken protections partly so they are able to change the [network] operator and partly because they want to run whatever programs they want,” he said.
“Jailbroken iPhones are much easier target, especially when the user has installed tools like SSH without changing the root password.”
In a summary of 2009 security trends, Hypponen also said the launch of the Windows 7 operating system was a positive move to address the major security concerns inherent in Windows Vista and Windows XP.
“Windows 7 shows promise as a leaner, more secure operating system, and also has an improved user security experience compared to Vista,” he wrote in the summary. “The focus on a better user experience and improved security is also one of the important trends in 2009, coinciding with the emergence of Netbooks.”