2005

2005

The trends of the second half of 2004 continued during the subsequent years of 2005 and 2006. Although there were no serious incidents involving Trojans, their numbers quickly doubled and their methods of propagation became much more diverse. As well as spreading by the usual means, email, they were now propagating via Internet pagers, websites and network worms. At the same time, network worms of the non-email variety become increasingly popular – finding their way into computers through different kinds of software ‘holes’, e.g. Mytob and Zotob (Bozori), the authors of which were arrested in August 2005.

A strange thing happened to these worms. They managed to enter the networks of a number of American media giants, namely ABC, CNN and The New York Times and virtually paralyze their respective operations. Discovering the worms had invaded their networks, the corporations responded hysterically, publishing the sort of headlines one would expect to see were it a global virus outbreak whose effects could be compared to the network worm epidemics of 2003-2004. This response gave the impression that there was a hunger for such global incidents, prompting the outbreaks of Mydoom, Bagle and Sasser etc. to also make the front pages.

New viruses and Trojans for mobile platforms continued to emerge, particularly those targeting the Symbian OS. Apart from the more usual method of propagation – via Bluetooth, they also exploited wholly new methods. On 10 January, Lasco appeared. This was the first virus which not only replicated itself on other phone, but also infected executable Symbian files. This was followed on 4 March by Comwar, which sends itself via MMS to other contacts in a user’s contacts list (in much the same way as the first-generation worms did). 13 September saw the emergence of Cardtrap, a Trojan attempting to install malicious Windows files via cross-platform infection.

October-November saw a huge scandal over the discovery of Trojan rootkit technologies on Sony’s BMG compact discs. Rootkit technologies were used to protect the CDs from illegal copying. However, the very same technologies could equally be used for criminal purposes, and that is exactly what happened almost immediately thereafter when on 10 November the first backdoor Trojan was detected which exploited this very loophole.

The antivirus industry was undergoing massive change. Microsoft was actively seeking to enter the antivirus software market and to this end acquired two antivirus companies almost simultaneously. On 8 February 2005, Microsoft acquired Sybari, a company specializing in protection technologies for Microsoft Exchange email. They then followed this up with an announcement on 20 July concerning their acquisition of FrontBridge Technologies, a developer of network traffic filtration technologies. This was in addition to RAV antivirus, acquired in 2003 and GIANT Anti-Spyware, the acquisition of which was announced on 16 December 2004.

On 5 July 2005 the merger of Symantec and Veritas, a vendor of backup systems, was announced. The move was seen by many of those in the know as Symantec moving to protect itself commercially, ahead of Microsoft’s solutions hitting the market.

An additional scandal broke this year concerning a further vulnerability that had been found in MS Windows applications. This time it was a Windows Meta Files (WMF) processing vulnerability. The situation was further exacerbated by the fact that information about the vulnerability was published prior to the release of the respective Windows update. Users of Windows found themselves with little or no protection against hundreds of Trojans which immediately started to exploit the ‘hole’ in order to penetrate computers. Moreover, the information about the hole came on 26 December – during the Christmas holiday period, meaning that it was highly unlikely that Microsoft would react promptly. This was exactly what happened. On 3 January 2006, after several days of silence, Microsoft made an announcement stating that the Windows update would be released according the ‘approved schedule’, i.e. on 10 January. The IT security world literally exploded with numerous critical, angry, and sometimes even downright offensive articles attacking Microsoft. In the end, under barrage of criticism, Microsoft gave in and issued patch MS06-00 on 16 January 2006, which fixed the WMF processing vulnerabilities.