Monthly Archives: January 2007

2007 – The Review from the Crystal Ball

This post is from the Heise Security website and it attempts to predict the trends for 2007.

It’s the season of the end-of-the-year reviews. We have used our crystal ball to jump forwards a year to provide you the ultimate review of 2007 — here and now.

2007 was the year of the super bots: Never before has malicious software been equipped with so many functions that help it to hide from antivirus software and to resist removal. The majority of malicious software programs used root kits, and their number doubled again on last years figure to over 500. Local privilege escalation vulnerabilities in Windows were increasingly exploited; accounts with restricted user rights were used to gain system rights. Initially, the protective functions in Windows Vista, which has been available for end customers since January, made it more difficult for malicious code to infiltrate the system. The crimeware scene responded and numerous vulnerabilities appeared as the year progressed and these were exploited to cancel or bypass the majority of the security functions. The user account protection (UAC), in particular, proved to be ineffective: Most users just confirmed any respective requests, since they did not undertand the displayed information.

Continue reading