Fake antivirus and smartphone attacks are 2010's top threats

The rise of the Conficker worm and Heartland Payment Systems' enormous data breach were two defining security events in 2009. What's in store for 2010?


The rise of the Conficker worm and rogue antivirus scams were two of the biggest security trends of 2009. What's in store for 2010?

"It's going to get worse," said Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider internet. Criminals have been mastering botnets, phishing scams and fake antivirus software sales, and 2010 will bring new waves of attacks that exploit fresh targets. Specifically, smartphones such as the Apple iPhone and those based on Google's Android operating system will be in attackers' line of sight for 2010, Runald says.

While a handful of malware attacks have surfaced of late against 'jailbroken' iPhones (ones whose owners have deliberately disabled Apple controls), it's only the beginning.

People are jailbreaking their phones to "get out of what they see as a stranglehold by Apple so they can install what they want," Runald said, but one effect is that "they're opening themselves to greater risk."

As attackers accelerate malware attacks against jailbroken phones, the dilemma, Runald says, is that vendors "cannot develop an antivirus application for the iPhone" because of the way Apple engineered it to preclude low-level access. "There's no way you can intercept file transactions," Runald said. Though security vendors might eye writing antivirus software for iPhones, "no one will do it" because of the nature of the iPhone's underlying design.

Khoi Nguyen, group product manager at Symantec, also said the current iPhone SDK doesn't allow third-party vendors to conduct the background processes for malware prevention that involve deep scans and checks for file protection. "We're hoping Apple will open up its SDK," Nguyen said.

Smartphones based on Google's Android present a different situation. Google has not made itself the gatekeeper of applications, but malware disguised as helpful applications could end up on Google application stores and people could end up downloading malicious code, unaware of the consequences.

Another accelerating security trend is the wave of criminals selling rogue antivirus software. Fake antivirus software is often called scareware, since frightening the PC owner is often part of the scam. Rogue antivirus, which Symantec counts as a top threat going into 2010, is not only thriving, but criminals selling it are starting to display new tricks.

"They're selling and re-branding copies of software that could have been downloaded for free elsewhere," said Zulfikar Ramzan, technical director at Symantec Security Response, which has tracked several hundred distinct rogue antivirus software products and 43 million attempts to download it in the latter part of 2009. Social networking sites are becoming a way to disseminate it.

An emerging security concern in 2010 is the potential for cyber-criminals to abuse cloud computing, says Tom Cross, X-Force advanced research manager at IBM. It's already starting to happen, he says, though incidents aren't yet getting much publicity.

Cross said cybercriminals were using stolen credit cards to pay cloud service providers to host virtual machines, exploiting these cloud services to operate command-and-control and attack components of a botnet to carry out denial-of-service attacks, network intrusions and more.

They might get a month's free ride with a phony credit card, and then move on. "We're seeing this happen," Cross said. The issue for legitimate companies is how their cloud service provider plans to handle such incidents - especially since legitimate customers might end up sharing a physical server with a criminal in a virtualised environment, Cross points out.

"As a policy, people should insist that cloud computing vendors have a lot of knowledge about their customers," Cross said. Legit customers could find themselves impacted if they share the same server as a criminal.
