Posts Tagged ‘ malware ’

By Tony Bradley
June 15, 2010

SAN FRANCISCO – I’ve got good news and bad news for those under the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a game download, so it should have no bearing on Linux in a business setting.

An announcement on the Unreal IRCd Forums states “This is very embarrassing…We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in).”
The post goes on to say “It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.”

Unreal is a popular first-person shooter game–similar to Doom or Quake. I don’t have any numbers on the total downloads since November of 2009, but it seems safe to assume there are a lot of Linux systems out there compromised by a backdoor Trojan.

However, none of those systems should be in a place of business, so the risk from a business perspective is not very high. IT administrators can learn, though, from the mea culpa at the end of the UnrealIRCd Forums post. “We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so.”

Basically, because of the false sense of security provided by Linux, it simply never occurred to anyone to check whether the software might be compromised. Combine that false sense of security with the security-by-obscurity argument (Linux makes up less than two percent of the overall OS market and so isn’t a target worth pursuing for attackers), and the result is that many Linux owners have zero defenses in place.
To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavor of Linux, and its accompanying tools and applications, and find hundreds of vulnerabilities. The difference–according to the many lectures I have received in the comments of articles I have written on Windows security–is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that because it is open source, vulnerabilities are fixed in hours rather than months.
The lesson for IT Admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren’t running Unreal, but it’s quite possible that Unreal is not the only compromised software available.
Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren’t exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected.

Don’t make the mistake of simply assuming Linux systems are safe because they’re Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it.
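The two checks the UnrealIRCd mea culpa above names, comparing every mirror copy of a release against a checksum published out of band and verifying a detached GPG signature, as an added shell example that is not from the article or the UnrealIRCd project; the tarball names and contents in the demo are constructed, and the reference checksum is assumed to come from the project’s own site rather than from a mirror:

```shell
#!/bin/sh
# Added example: verify release copies fetched from several mirrors against
# a reference checksum published out of band (the project's own site, not a
# mirror), and verify a detached GPG signature when gpg is available.
# File names below are constructed for this demo; they are not UnrealIRCd's.

# Portable SHA-256: coreutils sha256sum on Linux, shasum on macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_mirror_copies EXPECTED_SHA256 FILE...
# Prints one line per file and returns the number of mismatching copies as
# its exit status (0 means every mirror serves the expected bytes).
check_mirror_copies() {
    expected=$1; shift
    bad=0
    for f in "$@"; do
        actual=$(sha256_of "$f")
        if [ "$actual" = "$expected" ]; then
            printf 'OK        %s\n' "$f"
        else
            printf 'MISMATCH  %s (got %s)\n' "$f" "$actual"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# verify_signature FILE SIGFILE
# Checks a detached signature when gpg is installed and the .asc exists;
# otherwise reports that the check was skipped (exit status 2) so a caller
# never mistakes "no signature" for "signature OK".
verify_signature() {
    file=$1; sig=$2
    if ! command -v gpg >/dev/null 2>&1 || [ ! -f "$sig" ]; then
        echo "SKIPPED   no gpg or no signature for $file"
        return 2
    fi
    if gpg --verify "$sig" "$file" >/dev/null 2>&1; then
        echo "SIGNATURE OK for $file"
        return 0
    fi
    echo "SIGNATURE BAD for $file"
    return 1
}

# Demo with constructed files: two "mirrors" serve an identical tarball,
# a third serves one whose contents were altered. Exit status is the
# number of bad mirrors (1 here).
demo_mirror_check() {
    tmp=$(mktemp -d)
    printf 'release contents v1\n' > "$tmp/mirror1.tar.gz"
    cp "$tmp/mirror1.tar.gz" "$tmp/mirror2.tar.gz"
    printf 'release contents v1\nextra bytes\n' > "$tmp/mirror3.tar.gz"
    ref=$(sha256_of "$tmp/mirror1.tar.gz")   # stands in for the published checksum
    rc=0
    check_mirror_copies "$ref" "$tmp/mirror1.tar.gz" "$tmp/mirror2.tar.gz" \
        "$tmp/mirror3.tar.gz" || rc=$?
    verify_signature "$tmp/mirror1.tar.gz" "$tmp/mirror1.tar.gz.asc" || true
    rm -rf "$tmp"
    return "$rc"
}
```

Run this on a schedule against every mirror URL and page on a non-zero exit; a mismatch that persists is exactly the signal the UnrealIRCd maintainers say they lacked for months.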


By Preston Gralla
June 7, 2010


SAN FRANCISCO – Google’s move to ban Windows for internal use was ostensibly for security reasons. But that looks more like a convenient excuse than anything else, because there are plenty of reasons the ban doesn’t make sense.

Google’s ban of Windows implies that the China attack was a garden-variety Trojan or piece of malware that infected individual PCs. In fact, nothing could be further from the truth. The attack on Google was extremely sophisticated and highly targeted. Dmitri Alperovitch, vice president of threat research for McAfee, told Wired Magazine, “We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack. It’s totally changing the threat model.”

Almost a dozen pieces of malware and multiple levels of encryption were used in the attack. Many people believe the Chinese government was involved, which means a substantial amount of time and work went into it.

What does this mean? Even if Windows wasn’t being used, Google still would have been targeted. Given the resources behind the attack, there’s a reasonable chance it would have succeeded. So banning Windows won’t keep Google safe.

Also, Macs are vulnerable as well. Mac fans will tell you time and time again Macs are not vulnerable to security risks. It simply isn’t true. Just yesterday, for example, security firm Intego reported that it uncovered spyware on freely distributed Mac applications. There are more Windows attacks because there are more Windows machines. Google switching users from Windows to Macs won’t keep them safe from targeted attacks like the Chinese one.

Plenty of analysts have said the ban won’t make Google any safer. John Pescatore, an analyst at Gartner who specializes in security issues told Computerworld “If [hackers] know that Google uses Macs, then they’ll just target the company with Mac malware. And Mac malware exists.” Michael Gartenberg, an analyst with the Altimeter Group, added, “The idea that security is behind this is a little bogus. Windows seems pretty good for Fortune 500 companies.”

So why did Google ban Windows? One potential reason is to promote the use of its upcoming Chrome OS. And certainly, Google doesn’t want to miss a chance to criticize Windows in the hopes of moving people away from Microsoft Office and onto Google Docs.

It’s not clear, though, that Google is any safer after banning Windows than before.


June 6, 2010

According to Kaspersky Lab’s report ‘Information Security Threats in the First Quarter of 2010,’ Adobe products are currently the primary target for hackers and virus writers worldwide due to their prevalence and multi-platform capabilities. Furthermore, users of Adobe products are often unaware of the potential threat they are exposed to by opening PDF files of unknown origin.

Among the many varieties of exploit that were detected, the Exploit.Win32.Pdfka family, at 42.97%, was by far the most common. This exploit takes advantage of vulnerabilities in Adobe Reader and Adobe Acrobat.


The Top 10 exploit families detected on the Internet

When added together, two families of exploits targeting Adobe products, Exploit.Win32.Pdfka and Exploit.Win32.Pidief, account for a total of 47.5%, or nearly half of all detected exploits. These exploits are PDF documents containing JavaScript code that, without the user’s knowledge or consent, downloads and launches other pieces of malware directly from the Internet.

The report highlights the fact that many users of Adobe products have not installed the patches designed to remove the software’s vulnerabilities and therefore remain susceptible to attack. Among the top ten most prevalent software vulnerabilities detected on users’ computers over the first three months of 2010, three were found in Adobe products, six were found in Microsoft products, and one was found in a Sun product. The three vulnerabilities targeting Adobe’s programs were found on 23.37%, 17.87%, and 15.27% of the computers examined, with the first and last being critical vulnerabilities that allow remote hackers to take full control of a system.

One of the vulnerabilities in Adobe’s products that became public knowledge over three years ago has had a patch available for all that time, which just goes to show that many users are still not updating their software. To resolve this problem, Adobe launched last April 13 an automated update service that runs in the background. Developers are hoping that this will help reduce the number of unpatched applications that are so appealing to cybercriminals.

The full quarterly report, titled Information Security Threats in the First Quarter of 2010, can be found at www.securelist.com.


Why IT Should Love the iPad

By Fei on April 20, 2010

By Frank Hayes
April 20, 2010

FRAMINGHAM – Quick — how many iPads are in your users’ hands right now? You don’t know? Of course not. Your IT shop isn’t supporting the iPad. You probably can’t even figure out what an iPad is good for.

Besides, you’ve got bigger problems, like network security and malware and spam.

But what if you could dump those problems onto the iPad?

Look, where do most of our Internet-based miseries come from? Users. Specifically, users doing what users do on the Internet. They go to dangerous Web sites. They click where they shouldn’t. They fill up their company PCs with viruses and worms and spam — along with videos of kittens and MP3s of questionable legality.

Why do we let them do that? Because a decade or so back, when the World Wide Web was shiny and new, office PCs were the only devices they had with fast network connections. Keeping users locked out of the Internet was more trouble than it was worth — they kept finding new ways around whatever walls we put up. And their managers were no help, because the managers wanted to use the Web for personal stuff too.

So users did their surfing and shopping and video streaming, and IT did its best to keep up — deploying spam filters, whitelists and malware blockers as it grappled with an endless stream of otherwise unnecessary trouble tickets. And using work PCs for personal surfing became a standard perk.

Enter the iPad.

It’s small. It’s light. It has a big, bright color screen. It has Wi-Fi and 3G, so it can offer network connections that are at least as fast as those of office PCs.

Put simply, it may be the perfect personal Internet-surfing device. (And even if it’s not, it’ll soon be followed by a tidal wave of iPad-wannabe competitors that should force Apple to speed up the addition of support for multitasking and the delivery of features like a camera.)

Does the iPad have a place in business? Sure it does — as a personal Internet-surfing device.

The question isn’t whether we should support the iPad with our business applications. Instead, we should be figuring out how to get all that nonbusiness user stuff off our PCs and onto the iPad.

Think: What would it cost to create a separate Wi-Fi network in each office for users’ personal surfing? A few cheap access points, just enough security, maybe some new wire to pull.

Now, how much would you save if you could offload all the user Internet junk onto that separate network? You could lock down PC connections — hard. You could dramatically reduce your network management headaches, and probably reduce the bandwidth you need, too.

Users would still have that fast-network perk — just not on their work PCs.

You’d finally be able to enforce your “no personal e-mail” rules, your “no streaming video” rules and your “no clicking on unknown Web sites” rules — at least on your office PCs. And if a user fills up his iPad with spam or gets infected, that’s his problem. If he hogs bandwidth, other users can, um, let him know about it.

Nearly all the legal and HR problems that come with personal use of office PCs can go away too. Pornography, music and video piracy, and inappropriate e-mails will be on users’ own machines — and out of IT’s hands.

See? We really can drop all those problems onto the iPad.

Because really, users don’t need work PCs for personal Internet use. Let’s leave them to their own devices — smartphones, BlackBerries, netbooks and, of course, tablets.

And, just maybe, we’ll discover what the iPad is good for: making life easier for IT.


The Cleanest Malware Scan

By Fei on April 7, 2010

By Lincoln Spector
April 7, 2010

SAN FRANCISCO – Michael Gersten wants to be absolutely sure malware can’t interfere with his security scan.

No matter how good your security software, and how well you keep it up to date, there’s always that nagging doubt: “What if some malicious program is interfering with my antivirus, protecting itself while hurting me?”

That’s a legitimate question, and it’s one of the reasons I frequently recommend that people use a second malware scanner to supplement their main antivirus program (see One or Two Anti-Malware Programs? for details). But even that suggestion involves running a program already installed on your PC (and thus, possibly compromised), while something evil may be running in memory.

I’m going to recommend two ways to scan for infection in a clean environment. Pick which makes the most sense to you, or–if you’re really paranoid–use both.

Windows Safe Mode and a Portable Scanner

Only the minimum, basic code loads when you boot Windows into Safe Mode. It’s a good bet your malware infection won’t be running in this environment.

On a safe computer, download the SUPERAntiSpyware Portable Scanner and save it to a flash drive. This self-contained malware program (in the form of a DOS .com executable file with a Windows user interface) gets updated regularly, so you can assume the version you just downloaded is up-to-date.

Then boot the suspect PC into Safe Mode. Press F5 just before Windows starts loading (it may take a few tries to get the timing right), and select Safe Mode from the resulting menu. If you don’t see a Safe Mode option, press F8.

Once the PC is booted, insert the flash drive. Unlike Windows’ normal mode, nothing automatic happens when you plug in a drive, but if you select Start then Computer (or My Computer) the drive will very likely be there. Open it, double-click the program file with a name that starts with SAS and ends with .COM. Once the program is up, click Scan your Computer.

It’s possible that your PC won’t see a flash drive in Safe Mode–some do, some don’t. If yours falls into the second category, boot it normally, then copy the SAS…COM file onto your desktop. Then boot into Safe Mode and run the scanner.

Boot from a Live CD

If Safe Mode doesn’t seem quite safe enough, you can skip Windows, altogether. To do so, on a safe computer download the F-Secure Rescue CD.

This “CD” comes in the form of an .iso file (which itself comes inside a compressed .zip file). It’s important that you run the .iso file in a program that knows what to do with it; merely copying the file to a CD will not have the desired effect. When you double-click the .iso file, there’s a good chance that some program on the computer will automatically load and ask for a CD-R onto which it can burn the file’s contents. If that doesn’t happen, download and install ISO Recorder.

Once the disc is complete, place that disc in the PC you wish to scan and boot your PC off the CD. It will boot a text-based version of Linux. Using a wizard, F-Secure will update its database over the Internet, then scan your PC.

At least, it can do that if it can find the Internet. Linux may not have access to any special drivers for your networking hardware, and certainly won’t have your WiFi password. Your chances of getting through are greatly enhanced if you use ethernet.

If you can’t get an Internet connection, there’s a workaround: On a healthy computer, you can download the latest update and put it onto a flash drive. The F-Secure Rescue CD manual (a .pdf in the .zip file) explains how.

But the F-Secure Rescue CD comes with a very serious warning. If it has to alter Windows system files to clean your system, it may render Windows unbootable. That’s something to consider before you decide to take this route.


By Ian Paul
March 12, 2010

SAN FRANCISCO – Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year. On Wednesday, Twitter introduced its own anti-phishing service designed to protect its users from these types of attacks. The new security measures will focus on Twitter direct messages (DMs) — private tweets addressed to a specific user — and corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular Twitter messages.

DMs will now be routed through Twitter’s anti-phishing service to “detect, intercept, and prevent the spread of bad links,” Del Harvey, director of Twitter’s trust and safety team, wrote in a recent blog post. After Twitter has approved a link, it will be delivered to users via a new ‘twit.tl’ URL instead of bit.ly, tinyURL or other link-shortening services. Twitter also claims that if a bad link gets through to a user via e-mail, the company would still “be able to keep that user safe.”

Social Phishing

Phishing scams are often used to harvest log-in credentials for social networks and financial sites by encouraging users to log in to phony versions of legitimate Websites. These types of scams often entice users to click on a bogus link to check out a new video or log in to a particular service to verify some data. The fake Website can then either inject some form of malware onto your computer or steal your log-in credentials to the legitimate site. Typically, phishing messages use URL shortening services to mask the phony site’s actual Web address.

Malicious activity like this has become a regular problem for social networking services and tools, and some are starting to be more proactive about dealing with the issue. Bit.ly checks all links created using its service against three independent malware blacklists to help fight phishing and malware scams. Bit.ly is Twitter’s default link-shortening service.

Another URL-shortening service, Tr.im does not specify how or if it monitors for phishing attacks, as far as I could tell anyway, but it does have a spot on its Webpage where users can report suspicious or spammy tr.im links. TinyURL does not publicly state it protects against abuse of its service, but states at the bottom of its homepage that it forbids illicit uses of its services.

Facebook last month instituted an automated security system in partnership with security firm McAfee, after being targeted with its fair share of phishing scams. The new system is supposed to help detect user accounts that may have fallen prey to malicious activity; however, Facebook’s malware strategy may not be as effective as it could be, especially since it’s designed, at least in part, to sell McAfee security software to its users.

Google’s new social networking experiment Google Buzz is also reportedly proactive about phishing scams. Google recompresses images sent to Buzz and scans all links in Buzz against its blacklist of Websites, according to Webpronews. Google also reportedly has spam detection and abuse monitoring in place for Google Buzz comments.

The Problem with Lists

Of course, the downside of any Website blacklist is that it will never be large and agile enough to catch the newest scam sites. Since the use of blacklists is the most common way modern Web browsers and security services protect users against malware, the best defense is still to trust one’s own instincts.

Be wary of oddly worded or unsolicited messages you receive through social networking sites, and make sure you don’t log in to a site based on a link you received via e-mail. More importantly, make sure the site you’re trying to log in to is the real thing by verifying you have the right URL in your browser’s address bar — Facebook has a brief explanation about legitimate URLs here. Automated protection against phishing scams and malware is a great help, but in the end it’s no substitute for common sense.


Lose the Trojan

By Fei on March 8, 2010

By Lincoln Spector
March 8, 2010

SAN FRANCISCO – Deb asked the Answer Line forum how she can remove a Trojan from an infected .dll file called infamiqayoq.dll. Her security software quarantined the file, but now she gets an error message every time she boots.

That file is the Trojan, and serves no valid purpose. The strange file name (which as I write this yields nothing in a Google search beyond Deb’s PC World forum post) gives it away. Malware programs often rename themselves to random character strings as they propagate.

Now that the file is quarantined, best to let the security program delete it entirely.

But what about that error message every time you boot? With the file gone, the message is just a harmless annoyance. But it’s still best to get rid of it. Select Start (Start, then Run in XP), type msconfig, and press ENTER. Click the Startup tab. Search the Command column in the resulting table (you may have to expand it) until you find the culprit. Uncheck it and click OK.

As SpiritWind pointed out in the original forum discussion, the Trojan probably put more than one file on your PC, so it’s best to scan the hard drive again. Use your existing security software, but follow that up with a scan from something else. And I’m still recommending the free version of either SUPERAntiSpyware or Malwarebytes’ Anti-Malware–or both.


By Jared Newman
March 1, 2010

SAN FRANCISCO – With banks, newspapers, and politicians in Britain overrun by a blatant Twitter phishing scam, it’s time to point some fingers. Most disappointing are browsers and users, both of which failed to recognize an obvious ruse.

Specifically, I’m calling out Firefox and old browsers. After receiving a malicious “This you????” link from a follower, I tried it with all the browsers at my disposal, including Firefox 3, Google Chrome, Internet Explorer 8 and mobile Safari for the iPhone. Firefox was the only one that didn’t throw up a warning page when I tried to visit the link.

In fairness, Firefox is usually better than this. A report by NSS Labs last year found that Firefox 3 and Internet Explorer 8 blocked 80 percent and 83 percent of phishing sites, respectively — far superior to the competition. But what good are those numbers if you don’t block the big one? It’s like batting with the highest average during the regular season and choking in the playoffs.

I imagine that older versions of browsers fell prey to the attacks as well, but I couldn’t test those out. After all, Internet Explorer 8 was the first version to include a phishing filter, so older versions might not have warned users.

It’s also hard to believe that so many Twitter users fell for the phishing scam. This one had all the telltale signs: A shortened URL, an actual URL hosted on a different domain (kevanshome.org) and a login page that doesn’t quite follow Twitter’s format, but has all the same graphics. And if you’re already signed in to Twitter, there’s no reason you’d need to sign in again.

As with any phishing attack on a social network, Twitter shoulders some of the blame for merely letting it go on for too long, but I understand that Web services get attacked often, and the major ones aren’t immune. In the end it comes down to having a browser that’s got your back and some computer smarts when all else fails. Apparently some high-profile people across the pond had neither.


By Erik Larkin
February 1, 2009

SAN FRANCISCO – Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?

“Windows 7 is more secure, and upgrading to it is a big improvement,” says Chester Wisniewski, a senior security advisor with software-maker Sophos. “But it’s not going to stop malware in its tracks.”

Exploits Take a Hit

Digital crooks generally use two tactics to install malware on a PC. Exploits often take the form of a snippet of attack code hidden on a Web page–often a hacked-but-otherwise-benign site. When you browse the page, the exploit hunts for software flaws in Windows or in third-party programs such as Adobe Flash or QuickTime. If it finds one, the exploit may surreptitiously install malware without any hint of the attack.

In contrast, social engineering attacks try to trick you into downloading and installing bot malware that poses as a useful program or video. Some attacks combine tactics, as when a scammer sends an e-mail message encouraging you to open an attached PDF file, only to trigger an exploit buried in the file that then hunts for a flaw in Adobe Reader.

Security upgrades in Windows 7 could help prevent many attacks that target software flaws. ActiveX attacks, once the bane of Internet Explorer users, may “pretty much disappear” due to IE 8’s Protected Mode, says H.D. Moore, chief security officer at Rapid7 and creator of the Metasploit testing tool.

The arcane-sounding Address Space Layout Randomization (ASLR) makes it harder for crooks to find a vulnerability for a running program in your computer’s memory. The related Data Execution Prevention (DEP) feature attempts to prohibit an attack from taking advantage of any flaw that it may discover.

“These two, in particular, could have a very large impact,” says Wisniewski. Still, though ASLR and DEP were expanded to protect more programs in Windows 7 than in Vista, they don’t cover all applications.

Vista Safer Than XP?

For a sense of what that impact might be, we can look at how Vista fared against malware. Microsoft’s latest Security Intelligence Report covers the first half of 2009, prior to Windows 7’s release. It’s based on data from the Malicious Software Removal Tool, which Microsoft distributes via Automatic Updates to fight common malware infections. According to that data, the infection rate for an up-to-date Vista computer was 62 percent lower than that for an up-to-date XP system.

It’s possible, of course, that Vista users are technologically savvier on average, and so less likely to fall victim to malware. The sample sizes for XP and Vista, which Microsoft didn’t include in the report, might skew the statistics, as well.

But Sophos’s Wisniewski thinks that ASLR and DEP are factors, too. And since those features are expanded in Windows 7, there’s reason to hope they’ll continue to be effective.

“I don’t see this going away anytime soon,” says Moore. He notes that there are plenty of ways crooks can and likely will continue to ply their evil trade against the new OS. But “it does raise the bar,” Moore says.

Hacking People, Not Programs

Exploit-based attacks may be harder to pull off against Windows 7, but social engineering attacks may be as dangerous as ever. And the theoretically less-annoying User Account Control does little to disable poisoned downloads.

In October, Sophos ran a test to see how Windows 7 and UAC would handle malware. First, the testers grabbed the first ten samples of malicious software that came into their lab. They then ran those samples on a fresh Windows 7 machine with UAC at its default settings, and with no antivirus installed.

Two samples couldn’t run on Windows 7 at all. But at its default setting, UAC blocked only one sample, leaving seven pieces of malware that loaded right up.

Sophos’s test highlights two points. First, Wisniewski and others say, UAC isn’t designed to block malware as much as it is to encourage programmers to write software that doesn’t require special privileges–so you shouldn’t count on it for protection.

Second, if a bad guy tricks you into downloading a Trojan horse, ASLR and DEP don’t matter. IE 8’s SmartScreen filter and similar features in other browsers might block known nasties, but the malware universe is bigger than that.

Social engineering ruses include using a hijacked social network account to send malware lures to friends of the owner, sending a link to a supposed video taken of a friend, and hiding a poisoned URL in a shortened link of the type commonly used on Twitter. (For more on such dangers, see “How to Stop 11 Hidden Security Threats.”)

Toss in other tried-and-true scams such as videos that instruct you to install a codec file (but instead lead you to a malware download), and phony documents attached to e-mail messages that appear to come from coworkers, and it becomes clear why Windows 7 users can’t let their guard down.


January 2, 2009

When asked what would happen in 2009, Kaspersky Lab put a rise in global epidemics at the top of its prediction list. Kaspersky Lab, a leading developer of Internet threat management solutions that protect against all forms of malicious software, has seen that prediction come true: 2009 was dominated by sophisticated malicious programs with rootkit functionality, Conficker, Web attacks and botnets, SMS fraud and attacks on social networks.

With the start of 2010, researchers and analysts from Kaspersky Lab have come up with a list of six predictions for what will be the New Year’s greatest threats and newest attack vectors.

1. A rise in attacks originating from file sharing networks.
This year, we will see a shift in the types of attacks on users, from attacks via Web sites and applications toward attacks originating from file sharing networks.

2. An increase in mass malware epidemics via P2P networks.
In 2009 a series of mass malware epidemics has been “supported” by malicious files that are spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.

3. Continuous competition for traffic from cybercriminals.
The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. In the future, we foresee the emergence of more “grey” schemes in the botnet services market. These so-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.

4. A decline in fake anti-virus programs.
The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake anti-virus programs in 2010. Conficker installed a rogue anti-virus program on infected computers. The fake anti-virus market has now been saturated and the profits for cybercriminals have fallen. Additionally, this kind of activity is now being closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.

5. An interest in attacking Google Wave.
When it comes to attacks on Web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

6. An increase in attacks on iPhone and Android mobile platforms.
The year 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however, the same is not true for Android users, who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS, combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

“Malware will continue to further its sophistication in 2010 with specific malware families requiring significant resources from anti-malware companies to adequately fight them,” said Roel Schouwenberg, senior malware researcher at Kaspersky Lab. “Third party program vulnerabilities will continue to be the target of choice by cybercriminals with Adobe continuing to be the main target. And finally I believe that with the introduction of real-time search, black hat SEO and social networks will become an even bigger focus of cybercriminals.”