These worms, along with the productivity losses and cleanup costs that came with them, caused Microsoft an extraordinary amount of embarrassment, and that embarrassment was in large part what led to the company's Trustworthy Computing initiative. We covered the beginnings of that movement in this lead news story, Software's Challenge. In those days malware was highly visible and often deliberately destructive, and Microsoft's reputation took a hard hit. Today, thanks to its secure coding efforts, Microsoft arguably has the most advanced secure software development practices in the industry. Flaws are still plentiful, but Microsoft has development processes in place that almost any ISV could learn from, even if there is plenty of work left undone, to say the least.
Those infamous worms of 2000 and 2001 were quickly followed by a pair of equally infamous worms in 2003. First, in January of that year, came SQL Slammer, which exploited a buffer overflow in Microsoft SQL Server 2000 and MSDE for which a patch had been available for months, and which caused significant disruption across the Internet. Then in August came Blaster, which exploited a flaw in the Windows RPC service and struck the same week as the major Northeast blackout that darkened New York City.
The following year, the face of worms changed dramatically with the release of Santy. Santy was one of the first, if not the first, Web worms: it propagated through a vulnerability in the phpBB forum software and found potential victims through Google searches. It's estimated that more than 40,000 sites were infected by Santy.
Botnets had been a problem since the infamous distributed denial-of-service attacks that temporarily knocked major online properties such as CNN and Yahoo offline in 2000, but they reached a new scale when the Storm Worm began propagating in January 2007. It social-engineered its targets into opening an e-mail promising information about a severe storm that had swept through Europe. Users who opened the e-mail and were infected by the payload became part of a huge botnet, estimated at up to 10 million systems by the fall of 2007.
The Storm Worm was followed in late 2008 by Conficker (or Downadup), which exploited a vulnerability in the Windows Server service and became the most significant computer worm since 2003's SQL Slammer, with millions of infected systems around the world and major updates to the worm arriving through April 2009. The most recent version, known as Conficker.E, installs a spambot and a copy of a scareware package. In fact, throughout 2009, rogueware and infected Web sites went off the charts.
The biggest change in malware over the past decade has been its evolution from viruses and worms that spread for the sake of spreading, or to destroy data, as they did for about 15 years, into vast, silent infections, spyware, and botnets built for profit and designed to become lasting Internet fixtures.
What will the next decade in malware bring? More of the same, only slightly different. Here are a few predictions:
Malware will grow even stealthier, with its authors' goal being to infect as many systems as possible, for as long as possible, without detection. That means more botnets, rootkits, and Trojans. We won't see many more outbreaks of the Code Red or SQL Slammer type.
Professional attackers will increasingly turn to specialized, highly targeted attacks designed to compromise an individual or a specific organization.
Malware will have a greater impact on physical devices. Think hacking the smart grid and medical devices.
Counterfeit software and hardware will become significant security issues.
At the 2020 RSA Security Conference, Art Coviello will once again give a keynote suggesting that information security needs to be woven into the fabric of the IT infrastructure. It won't happen. IT security efforts will continue to play perpetual catch-up with both new technologies and attack techniques.
For security and business-technology observations throughout the day, follow me on Twitter.