The Internet's "Naughty Nine" Malware Threats of 2008

Attacks using Obama and financial crisis particularly galling

Spammers learned how to hack CAPTCHA screens

Once again, the bad guys went after the curious, gullible and careless with lots of Web malware. Particularly malevolent were the attacks that relied on readers' enthusiasm for all things Barack Obama, and their distress over the credit crisis.

Below is a list of the most notable malware attacks in 2008, at least so far. The ‘Naughty Nine’ and their descriptions are courtesy of MessageLabs, a security company that is now part of Symantec.

Storm worm -- Storm was among the most aggressively spread malware of 2008. It enabled the formation of one of the largest botnets in history, estimated at 2 million compromised computers around the world at its peak.

Search Engine spam -- In early 2008, spammers begin abusing search engine redirects, a technique allowing them to include a link from a search engine query within an email message. The link resolves to the spammers forged web site meaning that spammers could send messages without directly mentioning the spam web site thereby bypassing traditional anti-spam detection mechanisms which typically will not flag legitimate search engine sites as malicious links.

CAPTCHA Breaks -- Hackers first broke webmail CAPTCHAs (Completely Automated Public Turing Test to tell Computers and Humans Apart) in February 2008. Once in, they were able to abuse free email services to send copious amounts of spam. As 2008 wore on, CAPTCHA breaking techniques continued to increase in sophistication and became the key to the spamming kingdom.

Targeted Trojans -- Although they have been around for several years, new versions of Targeted Trojans are continuously evading Anti-virus systems due to their variation in code. The most memorable Targeted Trojans of 2008 spoofed a U.S. consumer advocacy site and the Olympic organizers. Since the beginning of 2008, targeted Trojan attacks have increased to approximately 80 per day.

Web-based malware -- In April, cybercriminals used Web-based malware to take advantage of the opportunity to capitalize on computer users’ unfamiliarity with web-borne attacks. In July 2008, the number of new, malicious web sites blocked each day rose by 91 percent, taking the threat to its highest level. This surge was due to due to the number of websites linked to SQL injection attacks, where malicious JavaScript is downloaded to a visitor via the use of <SCRIPT SRC=http://www.[removed]/ngg.js /> HTML tags.  

Hosted Applications Spam -- In May 2008, spammers uncovered the perfect way to spam using links to hosted online documents created under accounts with a major hosted applications service provider, which are not blocked by traditional spam filters. 

Srizbi -- Estimated at more than 1.3 million infected computers, Srizbi was responsible for 50 percent of all spam in 2008. It was the botnet behind “Reactor Mailer” spamware and also the botnet that spurred phishing scams spoofing some banks, marking a shift toward targeting smaller state banks and credit unions. 

Obama spam -- 2008 being an election year, political spam was rampant. Two bouts of spam used President Elect Barack Obama to lure recipients’ attention. The first spam cluster purported to sell watches or pills but spoofed email addressed from the following domains: and, a popular website that intended to honor the presidential candidate’s altruism. The second run of Obama-related spam foreshadowed the outcome of the election using Obama subject lines 85 percent of the time and subject lines with McCain references 15 percent of the time.

Credit crisis phishing scams -- As the credit crisis worsened, MessageLabs saw an increase in phishing attacks largely spoofing banks, in September and October. Between August and September, phishing attacks rose by 16 percent and by 103 percent between September and October. The subjects of the attacks were national banks and global banks, smaller state banks and credit unions and online retail sites. As change prevailed through the latter part of 2008, scammers took advantage of the frenzy surrounding the mergers and bailouts.