2010: A Malware Odyssey


The dawn of a new decade will usher in a new batch of complex and insidious malware traps that will prey on users' obsession with social networking sites, the release of Windows 7 and a slew of other socially engineered lures, according to leading security software vendors.

If 2009 was the the year of living dangerously online, 2010 will be akin to walking down a dark, virtual alleyway late at night alone without a flashlight, a whistle, or a loaded .357 Magnum.

According to security researchers at PandaLabs, the amount of malware in circulation in the coming year will grow "exponentially" as malware purveyors ratchet up their focus on new trojans, phishing scams and fake antivirus strains designed exclusively to usurp personal banking information to fleece unsuspecting Internet users.

Mobile devices, including the Apple iPhone and Google's Android, will provide another fertile field for exploitation by cyber crooks looking for a quick score as users infatuated with real-time correspondence via social networking sites such as Facebook and Twitter let down their guard in the name of immediacy.

"Malware creators will continue to be drawn to these types of platforms that are used by millions of people," Luis Corrons, technical director at PandaLabs -- the research unit of antivirus and IT security vendor Panda Security -- warned in a blog post. "Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs."

"Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones," he added.

Security software developers warn that while Windows Vista's release "hardly caused a ripple" in the malware universe, the arrival of Windows 7 will make waves, primarily ems+Upgrading+to+Windows+as a result of the widespread market acceptance of the new operating system and the fact that practically every new computer comes loaded with Windows 7 64-bit technology.

"Criminals will be busy adapting malware to the new environment," Carrons wrote. "It may take time, but we expect to see a major shift towards this platform over the next two years."

Tripwire, another security software vendor focusing on enterprise clients, is warning its customers that even though IT budgets promise to hold steady or decrease, more money will be wasted by enterprises this year on ineffective compliance efforts.

"The devil will be in the details," Tripwire researchers said in a statement. "Segregation of duties, poorly documented and communicated IT polices and failure to enforce rules with employees will be just a few 'little' things that will continue to play a huge role in jeopardizing enterprise security."

Tripwire also believes that the hype of social networking threats are real, but overstated. The real issue will be misconfigured servers, firewalls and laptops.

Meanwhile, CA is asking its enterprise customers to expect even more complex security threats in 2010 including an expected surge in so-called "malvertising" scams and more attacks targeting the Apple (NASDAQ: AAPL) platform.

In its State of the Internet 2009 report, CA (NASDAQ: CA) security pundits identified faux security software applications, insecure social networking sites such as Facebook and Twitter and viruses that corrupt major search engines and their results as the top security issues of the past year.

"Cyber-criminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff," said Don DeBolt, director of threat research for CA's Internet Security Business Unit.

Along with a slew of unforeseen but guaranteed popular culture events -- for example, the unexpected death of Michael Jackson or the marital travails of Tiger Woods -- Internet users can expect a flurry of malware scams related to the upcoming World Cup soccer tournament in South Africa, the Winter Olympics in Vancouver and a batch of election-related cons heading into the midterm elections, security experts said.

"It is a cat-and-mouse game," Debolt added. "Cyber-criminals are evolving along with the malware community and are constantly looking for new vulnerabilities to exploit, from online banking to search index poisoning."