The first hit in May, and the second clogged e-mail in-boxes and servers in November. Microsoft's Hotmail and MSN e-mail services had so much trouble dealing with the infected spam that messages sent to members faced an unspecified delay. Some antivirus companies predicted there will be another Sober onslaught on Jan. 5.
To the surprise of some experts, Sober's tricks to get recipients to open the malicious e-mail and attachment worked. In May, the e-mail promised a prize of free tickets to the 2006 World Cup in Germany, while in November, the bait was a Paris Hilton video or a purported FBI e-mail.
There weren't many headline-grabbing worm or virus outbreaks in 2005, but Zotob, which caused outages at CNN, The New York Times and ABC, got a lot of attention. Unlike Sober, which propagated via e-mail, Zotob spread via networks using a security flaw in Microsoft Windows.
Attackers continued to deviate from using e-mail and networks to spread worms, and instant messaging became an increasingly popular conduit. In addition, they went hunting for holes beyond operating system bugs, in media players, antivirus software and other applications. It also became more evident that miscreants today are in it for the money, not just for bragging rights.
"Zombies," or remotely controlled compromised PCs, became such a big problem in 2005 that the Federal Trade Commission called for industry action. A network of zombies, called a botnet, can send spam or take down a Web site by flooding it with data requests.
Meet the hackers
One bug hunter drew the ire of Cisco Systems. Michael Lynn demonstrated at the Black Hat security confab this summer that he could remotely hijack a Cisco router or switch, something that was previously thought impossible. Cisco sued Lynn, triggering an outpouring of support for the researcher from the security community.
Microsoft took an opposite approach, inviting hackers to its campus twice this year for a "Blue Hat" discussion on the security of its products.
Firefox, touted for its security compared with Microsoft's Internet Explorer, came under increased scrutiny from bug hunters. Several serious holes have been found in the Mozilla Web browser since its official release in late 2004. But one expert has cautioned that safe browsers simply don't exist.
Cybercriminals kept challenging those who wanted to halt their activities. Security vendors scrambled to find ways to combat "rootkit" technology. A rootkit will bury an attacker's code deep on a PC, making it hard to detect and even harder to remove without breaking the operating system.
Late in the year, Sony BMG Music Entertainment was found to have distributed a rootkit-like technology on music CDs that included copy-protection software. Trojan horses quickly used the tool to hide, and the fiasco forced the label to pull the CDs from stores. Expect security software makers to advertise rootkit detection widely next year.
2005 Highlights
Bagle virus makes a return
The mass-mailing virus is starting to spread worldwide, antivirus firms warn.
Feds to fight the zombies
FTC plans to tell Internet service providers to take stronger action against spam infiltrators.
Mytob e-mail worm proliferating quickly
The mass-mailing varmint makes up in numbers what it lacks in heft, security watchers say.
Hacking for dollars
These days, attackers are motivated more by money than the desire to write disruptive worms like Sasser.
ISPs versus the zombies
If providers don't pitch in against the threat, customers might defect--and the health of the Net itself could suffer.
Windows worms knocking out computers
Network worms are shutting down computers running Windows 2000, security experts warn.
Symantec: Mozilla browsers more vulnerable than IE
But the security specialist also finds that Microsoft's browser is the only one widely exploited by hackers today.
Sony's rootkit fiasco--the untold story
David Berlind: Sony's rootkit, as bad as it was, isn't the real story. The way the entertainment cartel is applying DRM as a whole is the real story.
Clock's ticking on new Sober onslaught
Mass-mailing worm is programmed to download new instructions in January, which could indicate a new outbreak.
Behind the headlines
- Sober worm spreads like wildfire
- More Bagle, Mytob offshoots wriggle free
- Cisco hits back at flaw researcher
- Hackers rally behind Cisco flaw finder
- Microsoft wants to meet more hackers
- IE flaw opens door to infection on sight
- Watch out for worm wars
- Arrests made in probe of worm that hit ABC, others
- Zotob worm linked to credit card fraud ring
- Attack code published for Firefox flaw
- Experts: Microsoft-Yahoo alliance is food for IM worms
- 'Bot herders' may have controlled 1.5 million PCs
- Microsoft takes on spam zombies
- Sober worm offshoot trades on Paris Hilton, FBI
- Latest Sober threatens e-mail gateways
- Sober worm stalls MSN, Hotmail
- New IM worm chats with intended victims













