The top ten Clu-blogs of 2009


2010 is looming large, which can only mean one thing - it's time to break my holiday sabbatical and compile my annual list of the most popular Clu-blog posts of the year.

Yep, fill your glasses, put another log on the fire, and prepare to find out what were the most read posts on this blog during 2009.

In true beauty contest tradition, I'll start by running down positions in reverse order, from 10 to 6...

10th. How to stop the Conficker worm on an unpatched PC


If a single piece of malware had to be chosen to sum up 2009, my guess is that most of us would choose Conficker.

Although it was first encountered in late 2008, exploiting a Microsoft vulnerability, Conficker (also known as Downadup) really began to make its mark in January 2009, spreading via USB flash drives and Windows file-sharing.

It's no wonder then that this blog's advice on how to stop the Conficker worm made the top 10 list of most popular blog entries of the year, with the advice regarding the Conficker April Fool's Day hype just missing the list by a hair's breadth.

9th. Apple ships a known vulnerable version of Flash with Snow Leopard

A major new version of an operating system always generates a lot of interest on the internet, and Snow Leopard (the new version of Mac OS X) was no exception.

What miffed many people, however, was that upgrading to Snow Leopard would *downgrade* your installation of Adobe Flash to a version which was known to be insecure, with a number of known security vulnerabilities.

A week or so later Apple released an update which put the latest version of Flash back in place - but there must have been many people who were deeply concerned to discover their security had been silently reduced, especially as we have seen more and more attacks exploiting vulnerabilities in Adobe's products this year.

8th. Mac malware adopts porn video disguise

Is it safe to watch sex videos on an Apple Mac?

If you're in the habit of visiting the grubbier corners of the internet then you might have fallen for the myth that you're not putting yourself at risk if you visit hardcore porn sites on an Apple Mac.

Unfortunately, we're seeing more attacks against Mac users all the time, with hackers planting traps on websites that determine if you are visiting from a Mac or Windows PC and serve up the appropriate flavour of malware.

This video demonstrates the issue in a rather flippant way, using some cartoon stick men drawn by my colleague Carole Theriault:

This wasn't the only time we were going to encounter Apple malware during 2009, of course, and we'll see more examples before we reach the end of our top 10...

But before we get there, let's see some examples of how social networking threats have become a more critical issue during 2009...

7th. Why you shouldn't reveal your porn star name on Twitter

Twitter really took off in 2009, with barely a day going past without the mainstream media finding an excuse to talk about it.

But millions of new users meant inevitably that new security lessons would have to be learnt, to ensure that confidential information didn't fall into the wrong hands.

In May 2009, a trend emerged for users on Twitter to post their "porn name", generated by putting the name of their first pet alongside the first street where they lived.

Twitter users revealing their porn star names

One of the problems with playing a game like this, however, is that information like that may be used by a number of services to verify your identity. In other words, you could be unwittingly making it easier for a hacker to break into your online accounts.

Yahoo password reminder questions

As I explained at the time, you shouldn't post this kind of personal information onto the internet - it simply makes identity theft too easy.

Furthermore, when websites ask you for a "secret answer" to reset your password... lie. As the likes of Salma Hayek have learnt the hard way, you don't need to tell the truth when you're asked by a website what your mother's maiden name was, or the name of your favourite TV show. Instead, say something random but memorable that no-one is likely to guess like "Bluehop Sausagedog" or "Knot's Landing".

For its part, Twitter did post a warning to users not to post their personal details, but I somehow doubt that many were listening.

Twitter warns users not to post their porn star names

And it wasn't just Twitter users who were finding themselves at risk during 2009...

6th. Facebook Fan Check Virus scare leads to malware

One of the major tactics used by hackers during 2009 has been their use of SEO (Search Engine Optimization) techniques to promote dangerous websites around hot search topics (such as topical news events).

A scare on the Facebook website about a third party application "Fan Check" sent many people hunting on the likes of Google, Bing and Yahoo for information about whether Fan Check was a virus.

Facebook Fan Check search results

As you can see in the video below, however, internet searchers were at risk of visiting webpages which pretended to contain information about the "Facebook Fan Check virus", but were really infected with fake anti-virus software, designed to display scary bogus warnings:

During the course of the year, we saw many more poisoned webpages, using SEO techniques to exploit interest in hot stories such as the deaths of Natasha Richardson, Stephen Gately, and Patrick Swayze to distribute scareware.

Fake anti-virus software alerts are displayed if you visit pages which claim to be about the Facebook Fan Check Virus

So, that's it. Positions 10 - 6 in the top Clu-blog entries of 2009.

But what were the top five blogs I made in 2009? Find out now as I run through the remainder of the list, and reveal which story came top of the pops.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.