Over the last ten or so years, these threats have become very sophisticated, firstly evolving from the simple email attachment borne malware that screwed with your computer's files or registry settings, and then on to automatically propagating worms and trojans which enlisted infected computers into distributed denial of service attacks. After this came a surge in website popup malware and scareware, which attempts to deliver advertising and rouge software products via compromised websites.
More recently, we have seen combined threats which first use propagation techniques to spread and then form a distributed network of infected computers (a botnet). Once infected, the computer registers itself with a smaller network of command and control servers, which are operated by criminals. The resulting botnet, often numbering millions of infected computers, then becomes a general purpose criminal resource that can be used to install custom malware, steal individual computers data (e.g. logins/passwords/files), serve up illegal web content, perform massive distributed denial of service attacks (hired out to other criminals at a set fee per hour), deliver mountains of spam, and even to hire out the infected computer for use as the ultimate anonymous proxy to perform further illegal online activity that cannot be tracked.
As well as these broad based attacks, we now also see increasing numbers of targeted attacks, also known as spear phishing, which are directed at particular individuals or groups of individuals within a company, exploiting some previous knowledge about the group in an attempt to obvert or delay suspicion.
With any new technology such as the Internet, security considerations tend to pop-up right at the end or not at all. As companies rush to get the first mover advantage, or to stay competitive with the industry, security requirements and privacy protections often get forgotten. So consumers get left with amazing technologies that are riddled with security holes. This is not only true on the Web, but also of WiFi connectivity, App Stores and Social Networking.
The aim of this blog is to provide an additional viewpoint and in-depth insight into recent developments in Internet Security, which is sure to be an ever-present and ever-evolving threat for long into the future. Enjoy!