CA Predicts More Malvertising, Mac Attacks in 2010


Security researchers at business software developer CA this week warned enterprise customers to expect even more complex security threats in 2010 -- including an expected surge in so-called "malvertising" scams and more attacks targeting the Apple platform.

In its State of the Internet 2009 report, CA (NASDAQ: CA) security pundits identified faux security software applications, insecure social networking sites, such as Facebook and Twitter, and viruses that game search engines results as the top security issues of the past year.

"Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff," said Don DeBolt, director of threat research for CA's Internet Security Business Unit (ISBU).

Facebook and Twitter have been consistently targeted by malware and phishing attacks as more and more users gravitate to the sites to for social and professional purposes.

Additionally, the sites' reliance on user-generated content makes for another route ripe for spreading infected content, CA said.

Mac hacks on the rise

Until recently, Macs -- which represent a minority of the PC market -- have been less attractive to hackers than Windows-based machines because volume is the name of the spamming game. However, CA and other security software vendors say the increasing popularity of Apple (NASDAQ: AAPL) machines and devices has made them a much more attractive target and the trend figures to continue in 2010.

CA's ISBU added 15 intelligent signatures detecting Mac OS X threats in 2009 -- the most prevalent being OSX/Jahlav -- and expects to identify many more in coming year.

Similarly, CA also said it expects 64-bit platforms to see a surge in targeted attacks as they proliferate in the consumer sector and in the workplace.

Web-based apps and new operating systems are likely to contribute to security woes in other ways, CA's ISBU said. The firm's researchers expect that another big computer worm like Conficker could strike in the new year as a byproduct of the popularity of Web-based applications and the release of new operating systems including Windows 7 and Google Chrome.

 Rise of scareware and malvertizing

Meanwhile, malware creators continue becoming more creative when it comes to finding ways to take advantage of Internet neophytes.

For instance, CA expects that bogus "scareware" security software will continue to prey on less-advanced Internet users who are convinced they're doing the right thing by downloading and installing applications that do nothing more than spread more malware through their personal computers.

Increasingly savvy malware authors are also getting better at exploiting search engine optimization and in leveraging malicious advertising, or "malvertising." CA sees both increasing as a means to distribute their attacks.

Similarly, banking Trojans will become more prevalent and become more sophisticated as hackers find more creative ways to steal or access personal banking data online.

But hacks for profit aren't the only threat that CA sees growing next year. For one thing, it expects that denial-of-service attacks will increase in popularity as a means to make political statements.

CA's security group said that malware as a whole more than doubled in 2009, a pace that's not likely to slow next year.

"It is a cat-and-mouse game," Debolt added. "Cyber-criminals are evolving along with the malware community and are constantly looking for new vulnerabilities to exploit, from online banking to search index poisoning."

Larry Barrett is a senior editor at Based in Las Vegas, Larry covers IT management, enterprise software, services and security.