By Mark Ward
Technology correspondent, BBC News
Hi-tech criminals took on a new tack in the past year
If 2007 was witness to the rise of the professional hi-tech criminal, then 2008 was the year they got down to work.
"The underground economy is flourishing," said Dan Hubbard, chief technology officer at security company Websense.
"They are not just more organised," said Mr Hubbard, "they are co-operating more and showing more business savvy in how they monetise what they do."
Statistics gathered by firms combating the rising tide of computer crime reveal just how busy professional cyber thieves have been over the last twelve months.
Sophos said it was now seeing more than 20,000 new malicious programs every day. 2008 was also the year in which Symantec revealed that its anti-virus software now protected against more than one million viruses.
The vast majority of these malicious programs are aimed at Windows PCs. Viruses made their debut more than 20 years ago, but the vast majority of that million-plus total have been created in the last two to three years.
Criminal gangs generate so many viruses for two main reasons. Firstly, many variants of essentially the same malicious program can cause problems for anti-virus software, which can only reliably defend against threats it is aware of.
Secondly, in the past security firms have tended to focus on the big outbreaks. By staging a series of small outbreaks the criminals hope to go unnoticed while their family of viruses racks up victims.
Another statistic from Sophos reveals how the tactics of the online criminal groups are changing.
Before 2008 the preferred method of attack was a booby-trapped attachment circulating by e-mail.
Provocative, pornographic and personal subject lines were used to trick people into opening the attachment. Anyone doing so risked having hi-tech criminals hijack their home computer and turn it to their own nefarious ends.
In 2008, said Graham Cluley from Sophos, the main attack vector started to shift. Increasingly, he said, attackers have tried to subvert webpages by injecting malicious code into them that will compromise the computer of anyone who visits.
By the close of 2008, said Mr Cluley, Sophos was discovering a newly infected webpage roughly every 4 seconds.
The type of page being booby-trapped had also changed, he said. Prior to 2008 gambling, pornographic and pirated software sites were much more likely to be unwitting hosts for the malicious code used to hijack visitors' machines.
In 2008 the criminals turned their attention to mainstream sites that had very large audiences and were vulnerable to the code-injection attack.
For Mikko Hypponen, chief research officer at F-Secure, 2008 was the year in which some hi-tech criminals got much more sophisticated.
The best example of this, he said, was the virus known as Mebroot.
"We saw it very early in the year and it continues to be a very complicated case," he said.
One of its most remarkable features is its built-in bug reporting system, said Mr Hypponen. When Mebroot is detected, or malfunctions and reveals its presence, it sends off a report to its creators, who then turn out a new version with the bug fixed.
"It's amazing that the bad guys were capable of pulling this off," said Mr Hypponen.
Dan Hubbard from Websense said 2008 was also notable for some hi-tech criminals turning away from viruses completely and embracing another way to make money.
Many, he said, were turning out bogus security programs that look legitimate but do not work. Once installed they purport to carry out a detailed scan of a machine and always turn up many instances of spyware and other malicious programs.
Cleaning up a machine using one of the bogus security programs always involves a fee, said Mr Hubbard.
"They are testing legal boundaries that are a grey area right now," said Mr Hubbard.
In mid-December 2008 the US Federal Trade Commission won a restraining order to shut down several firms that ran so-called "scareware" scams.
Research by Israeli security company Finjan suggests that up to five million people around the world have fallen victim to such scams.
A US court granted the FTC an injunction which stopped those behind the scareware products from advertising them and from making false claims about their efficacy, and froze assets in the hope that duped customers could be refunded.
2008 also saw other big successes against criminals. In mid-November spam volumes around the world plummeted briefly following the closure of US network firm McColo.
Despite this, said Mr Hypponen, 2008 was a good year for the bad guys. The successes, he said, came due to action by ISPs, other net bodies and the media rather than from the action of law enforcement agencies.
This was mainly due, he said, to the trans-national nature of hi-tech crime that made it very difficult to quickly carry out an investigation and make arrests.
"The vast majority of these cases do not seem to go anywhere," he said.