New Malware Tactics, Targets Expected in 2010


New operating systems, social networking sites, and the emergence of the HTML 5 Web markup language will give hackers and malware designers even more opportunities to ply their crooked trade in 2010, according to security software vendor McAfee.

In its "2010 Threat Predictions" report (available here in PDF format), McAfee (NYSE: MFE) researchers said that Adobe's Acrobat Reader and Flash applications will surpass Microsoft's Office applications as the code of choice for cyber criminals next year.

"Cybercriminals have long picked on Microsoft products due to their popularity," McAfee said in the report. "In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot."

Meanwhile, social networking sites and their users can expect more of the same in 2010, with sites like Twitter and Facebook -- as well as the flood of third-party applications designed for and available on those sites -- will be continue to be what McAfee calls "the platform of choice" for emerging security threats.

"Users will become more vulnerable to attacks that blindly distribute rogue apps across their networks, and cybercriminals will take advantage of friends trusting friends to get users to click on links they might otherwise treat cautiously," McAfee researchers cautioned. "The use of abbreviated URLs on sites like Twitter make it even easier for cybercriminals to mask and direct users to malicious Web sites."

McAfee and its top competitor, Symantec, agree that the unprecedented proliferation of malware and sophisticated phishing scams will expand exponentially in 2010 as Internet users continue to click away from their home, work and mobile devices.

To stem the tide of cyber crime, vendors expect collaboration between technologists, law enforcement agencies and international security agencies will dramatically improve in the new year. On the consumer side, the latest antivirus software applications augmented with reputation-based security will help keep the Average Jane and Joe out of harm's way.

"We're now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications and more advanced techniques used by cybercriminals, but we're confident that 2010 will be a successful year for the cybersecurity community," said Jeff Green, the senior vice president of McAfee Labs.

The release of the Microsoft (NASDAQ: MSFT) Windows 7 operating system in addition to Google's Chrome OS and the advancement of HTML 5, the latest video-friendly Web markup language, will give cyber thieves more new code to prospect for vulnerabilities.

HTML 5's anticipated cross-platform support also provides an additional motivation for attackers, enabling them to reach users of many mainstream browsers, McAfee officials said.

Whether it's a come-on for what appears to be a friendly game of online Monopoly or the incessant and sinister pleadings of a bogus antivirus application, malware scams have become more sophisticated and damaging with each passing day.

A report released earlier this year by the Anti-Phishing Working Group (APWG) found that fake anti-malware and security software programs soared up more than 585 percent in the first half of 2009 alone. In 2007, Gartner said that more than 3.6 million people lost more than $3.2 billion to malicious phishing scams.

"Next year marks a decade in the fight that international law enforcement agencies have undertaken against cybercrime," the McAfee report said. "McAfee Labs has seen significant progress in the universal effort to identify, track, and combat cybercrime by governments worldwide."

Larry Barrett is a senior editor at Based in Las Vegas, Larry covers IT management, enterprise software, services and security.