The Zlob Trojan took a new tack by disguising itself as a video codec, deemed necessary to run video files of uncertain pedigree. Zlob has seen dozens of incarnations, most of which are notorious for pimping rogue antimalware, a moneymaking pastime. Zlob has morphed over time and emerged to notoriety five years later as the Alureon rootkit.
In 2007, Storm Worm started as yet another email-attachment botnet generator, but one with a difference: Instead of operating the botnet through a single server, Storm Worm borrowed peer-to-peer technology to disperse control. More than 1 million Windows PCs were infected. The Storm/Waledac botnet was largely broken up in late 2008, but it woke up and started spamming again last month, according to Symantec. Waledac's handlers are gathering steam for a big Round Two.
Many other botnets have come and gone in the past few years, most of them taken down or severely attenuated by breaking lines of communication and blocking compromised servers. A few remain problematic, most notably ZeuS, a do-it-yourself botnet kit designed to pick up passwords, account numbers, and the like on infected machines, then send them to the chosen drop zone, as well as Conficker, a botnet considered dormant but not completely eradicated.
Spam-generating botnets, such as Waledac, are getting hit hard by Microsoft's lawyers. Last October, one of the largest spam botnets, Bredolab, was decimated (although not completely eliminated) by the Dutch National Crime Squad.
Where malware is heading
As Windows XP machines die and get replaced by Windows 7, Windows is getting more difficult to crack by orders of magnitude. Little malware players have been squeezed out of the market, and the big players, looking for new opportunities, are finding few low-hanging fruit.
Still, Windows zero-day vulnerabilities are worth a lot of money, and those who find them these days are much less likely to use them to make funny dialog boxes with the number 1.
Because of this, we can expect Windows malware to continue evolving in innovative ways. One prominent trend is the rise of attacks outside of Microsoft-land. Koobface, for example, runs on Windows, but it's used to harvest information from Facebook and MySpace, convince Facebook users to install rogue antimalware programs, and otherwise turn social networking information into lucre. Nart Villeneuve provides an excellent PDF overview.
Another trend will likely revolve around industrial espionage. Whether or not you believe the Stuxnet worm was designed to break Iranian nuclear enrichment centrifuges, there's no question that a very capable team constructed a breathtaking array of zero-day Windows cracks and Siemens Step 7 code. Expect motivated organizations to blend innovative threats to get what they want.