Malware looks to target file-sharing sites


This year will see a major shift in the types of cyber attacks on users, from attacks via websites and applications to attacks via file sharing networks.

According to security analysts from antivirus company Kaspersky Lab, 2009 saw a series of mass malware epidemics that were "supported" by malicious files spread via torrent portals.

This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, they expect to see a significant increase in these types of incidents on P2P (peer-to-peer) networks.

At the same time, analysts from Symantec's January 2010 "MessageLabs Intelligence Report" said that spammers have launched new campaigns related to 2010 events to sustain high levels of spam experienced last year. Spammers have started moving away from the New Year themes and are now latching onto Valentine's Day spam.

At the start of 2010, MessageLabs Intelligence saw the typical special New Year offers for pharmaceuticals, fashion accessories and watches, weight loss products, loans and jobs. At its peak, spam related to the New Year accounted for 7.7 per cent of all spam on a single day, and more than 50 per cent of New Year-related spam messages were sent by the Grum and Cutwail botnets combined.

Spammers are now moving away from the New Year themes and are expected to next latch onto Valentine's Day-related spam topics. Spammers and phishers have also been quick to take advantage of the tragedy that struck Haiti to generate advanced-fee fraud scams.

As many countries seek to offer humanitarian aid and relief, the scammers are looking for ways to exploit those donation efforts, counting on the public's concern and desire to help the victims to cloud their good judgment.

In January 2010, the global ratio of spam in e-mail traffic from new and previously unknown bad sources was 83.9 per cent (1 in 1.2 e-mails), a drop of 0.3 per cent since December 2009.

The global ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown bad sources was one in 326.9 e-mails (0.31 per cent) in January, a decrease of 0.03 per cent since December 2009. In January 13.2 per cent of e-mail-borne malware contained links to malicious websites, a decrease of 5.9 per cent since December.

In January, phishing activity was 1 in 562.3 e-mails (0.18 per cent), a decrease of 0.11 per cent since December 2009. When judged as a proportion of all e-mail-borne threats such as viruses and Trojans, the proportion of phishing e-mails had decreased by 14.3 per cent to 65.3 per cent of all e-mail-borne threats.

Analysis of web security activity shows that 41.4 per cent of all web-based malware intercepted was new in January, an increase of 0.6 per cent since December. MessageLabs Intelligence also identified an average of 1,760 new websites per day harbouring malware and other unwanted programs such as spyware and adware, a decrease of 56.2 per cent since December.


Attacks in 2010

In 2008, Kaspersky's analysts forecast a rise in the number of global epidemics. Unfortunately, that forecast proved to be accurate.

The last year was dominated by sophisticated malicious programs with rootkit functionality, the Kido worm (also known as Conficker), web attacks and botnets, SMS fraud and attacks on social networks.

So what can we expect from 2010?

According to the company executives, in the coming year we will see a shift in the types of attacks on users: from attacks via websites and applications towards attacks originating from file sharing networks.

Cybercriminals will continue to compete for traffic. The modern cybercriminal world is making more and more of an effort to legalise itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets.

Today, it is mostly black-market services that compete to make use of botnet traffic. In the future, however, Kaspersky foresees the emergence of more "grey" schemes in the botnet services market.

The so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing DoS attacks or distributing malware without committing an explicit crime.

The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake antivirus programs this year.

The latter first made an appearance in 2007, and 2009 saw a peak in their activity and involvement in a number of major software epidemics.

The Kido worm, for example, installed a rogue antivirus program on infected computers. The fake antivirus market has now been saturated and the profits for cybercriminals have fallen. Moreover, this kind of activity is closely monitored by both IT security companies and law enforcement agencies.

This makes it increasingly difficult to create and distribute fake antivirus programs.

"Malware will become much more sophisticated in 2010 and many antivirus programs will be slow to treat infected computers due to advanced file infection methods and rootkit technologies," said Alex Gostev, Director of Kaspersky Lab's Global Research & Analysis Team.

"IT security companies will respond by developing even more complex protection tools. However, the malicious programs capable of bypassing these measures will remain more or less immune to antivirus programs for some time."

Google under attack

When it comes to attacks on web services, Google Wave looks like it will be making all the bad headlines in 2010.

Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

The planned launch of the network-based Chrome OS is a noteworthy event, but the internet security analysts at Kaspersky Lab do not anticipate much interest in this platform from cybercriminals.

However, 2010 promises to be a difficult time for iPhone and Android.

The first malicious programs for these mobile platforms appeared in 2009, which is a sure sign that they have aroused the interest of cybercriminals.

The only iPhone users at risk are those with compromised devices, but the same is not true for Android users who are all vulnerable to attack.

The increasing popularity of mobile phones running the Android OS in China combined with a lack of effective program checks to ensure third-party software applications are secure will lead to a number of high profile malware outbreaks.

The detection of new vulnerabilities will remain the major cause of internet epidemics.

These vulnerabilities will be detected in both software developed by third parties (such as Adobe, Apple, etc) and in Windows 7, the new operating system that has just entered the market. If no serious vulnerabilities are detected, 2010 may well prove to be one of the quietest years for some time.

 
