While the Internet can give the virus caused the Holocaust has become in the past, but PC users in 2006 did not significantly increase a sense of security, because network attacks have become more secretive and professionalism, and new economic benefits for the purpose of computer security, criminal gangs are becoming the biggest enemy. Microsoft has a fix more than ever before, the kernel-level drivers, office software, a great site visits have been new types of defects are found. All vendors will be hung in the mouth safe, but criminals still find a lot of opportunity.
Here are five computer security incidents in 2006.
The economic interests of computer crime
In purely economic benefits for the purpose of increasingly sophisticated computer criminal activity, criminal gangs and professional hackers to get along with.
Most criminal activities related to phishing attacks, criminals using false web page for the user's login information, credit card number or other personal information, credit card number will be sold to others. According to the U.S. Justice Department said in May, phishing complaints reached 20,000 cases, representing an increase of 34% over the same period last year. Ministry of Justice also said the United States hosted the most phishing sites.
However, law enforcement agencies in combating computer crime, more organized activities, and cooperation was also better, especially in the international investigation. At least 45 countries participated in the G8 24 / 7 High Tech Crime Network. The private sector are also helping to combat computer crime. In 2006, the company in the United States, Europe, Middle East, and filed dozens of phishing-related civil litigation, law enforcement agencies to provide relevant information.
Zero-day attacks
As the automatic software update has become the standard, hackers have been more "hard" to find the user's PC to install malicious software approach. In 2006, they turned to zero-day attacks. According to the United States SANS Institute (SANS Institute), said such attacks take advantage of software flaws have not yet been amended in 2006, zero-day attacks become the biggest security concerns. In fact, hackers beginning in 2006 issued a document using the way IE handling WMF zero-day flaw attack code. After that appeared a large number of unpatched flaws in the use of Office, targeted attacks are very strong code. Just this month, Microsoft also warned that similar attacks may occur.
In order to allow people to attach importance to the scope of zero-day attacks, security researchers have introduced the "core defect month", "month of browser vulnerabilities," and other projects.
Spam avalanche
Gates two years ago had predicted that the spam problem will be completely resolved in 2006, he should check your inbox whether spam.
Increasing spam has been in the troubled 2006, IT system administrator. Related information shows that 90% of email is spam. Spammers find new ways to bypass security software, image-based spam, which some security technology can do nothing.
Spammers will spam directly on the image, this filter spam more difficult because it requires high processing power required OCR technology. Spam or keystroke logging software, rootkit, phishing attacks and other malicious code links to the carrier.
Web 2.0 experience hackers
MySpace.com may be the Web 2.0 model, but from the security point of view, its performance is not satisfactory. This is because it encountered a use of the password stealing worm script flaws, this is not the first encounter MySpace.com worm. In October, called Samy worm can automatically add the name of a young Los Angeles to the user's files, making him the most popular members of the MySpace community.
Security experts said that in the past year, these cross-site scripting attacks more and more. Such deficiencies can harm a level much greater than people think, including the mandatory PC to download illegal content, the black out other websites, sending spam.
Vista security features angered vendors
Security software to prevent access through the 64-bit version of Windows Vista kernel, Microsoft angered the security vendors. Patch Guard to block access to the kernel, the kernel to prevent malicious software from unauthorized modification.
To Symantec, McAfee's security vendors claim to represent, they need access to the operating system kernel, rootkit detection and other malicious software. In the subject from the European Commission and South Korea, after pressure from regulators, Microsoft agreed to open up access to the kernel API. However, manufacturers need to wait until after Microsoft released Vista SP1 to use the API.