During the first three months of 2009, the F-Secure Security Labs have been dealing with worms such as 'Conficker', 'Koobface' spreading on Facebook as well as the first SMS worm, 'Sexy View'.
The biggest malware story of 2009 so far has been the Conficker (aka Downadup) worm, according to F-Secure. It is a classic worm exploiting vulnerabilities in Microsoft Windows, of the type that has not been seen in the past few years.
However, Conficker has advanced features such as heavy encryption, a peer-to-peer functionality meaning that infected computers can communicate with each other without the need for a server, and the ability to convert and update itself.
Mikko Hypponen, F-Secure's Chief Research Officer says: "The authors behind Conficker are professionals. They have infected millions of computers, and could do anything they wanted with them. The mystery is why they haven't done that. Not yet, anyway."
Conficker changed operation modes on April 1st, gaining front page media coverage world-wide. However, the gang behind the worm still took action with their botnet. "The mystery continues," the security firm said.
Worms have also started using social networking. The latest variant of the Koobface worm spreading on Facebook steals your logon credentials for Facebook. It logs in, steals your picture and friends' e-mail addresses, creates a fake YouTube page with your Facebook photo and then sends an e-mail to your friends saying they've been tagged in a video on YouTube.
"When you get a message in Facebook from a friend, you tend to trust the message to be real. And when people follow a "funny link" to a video and are prompted to "update" their player, they easily fall for these attacks," Hypponen explains.
The first quarter was also historical as it saw the birth of the first SMS worm, Sexy View, designed for smartphones. Sexy View, like Koobface, is a social engineering worm which uses the contacts stored on your smartphone to spread. It sends a text message to your contacts telling them to check out some hot pictures and offers a link to a website.
Your contacts follow the URL because it came from you. They are asked to install an application, which now sends the worm to all their contacts. The worm sends the information about the phone to its makers who then use this information to send SMS spam.
"Sexy View is important in many ways, " Hypponen continues."It is the first text message worm ever. It's also the first mobile phone worm that circumvents the signature checks that are meant to secure the latest smartphones. And the motive behind it seems to be to collect information for mobile phone spamming purposes. Mobile phone spam is already a big problem in some parts of the world - eventually it will be an issue everywhere."
For the full F-Secure IT security threat summary for the 1st quarter of 2009 go www.f-secure.com/2009/