However the actual problem these people didn’t realize is the fact that once they publish sensitive personal data, it is helping significantly less qualified cybercriminals to commit identity fraud. Every week, a govt dept or enterprise has its information breached.

While certain high-profile attacks like Sony’s usually are meant to humiliate and spark change, the United States law-enforcement breach could represent a change in hacker thinking. AntiSec’s motivations have the symptoms of a vital difference, using the attackers purposely thinking about collateral damage like a proper weapon.

Social Networking

Experts say the way forward for adware and spyware is much more about how exactly potential sufferers is going to be specific than how it will likely be designed. Collateral damage will not be restricted to innocents jeopardized through no-fault that belong to them. Maybe you have recognized a buddy request on Facebook or linked to someone on LinkedIn you do not know? Possibly you think it is someone from soccer practice you’d ignored, or perhaps a former friend whose title had ended up the mind. Hesitant to appear rude, you recognized them like a friend and rapidly didn’t remember about this.

Experts say the future of malware is much more about how exactly possible victims is going to be targeted compared to the way it will be engineered. Collateral damages will not be limited to innocents affected through no-fault of their own. Have you ever approved a friend request on Facebook or linked to somebody on LinkedIn you don’t know? Maybe you thought it was somebody from school you would forget about, or a former colleague whose name had slipped your mind. Not wanting to seem to be impolite, you approved them as a friend and easily forgot about it.

When we take trustable decisions in social networks we forget the ramifications of its future. Everyone knows people who talk about everything they do on a social network or even website, from eating their breakfast every day to cutting their nails. While most of us consider these individuals an annoyance and may hide their status updates, cybercriminals really like them. Password-reset questions are simple to guess, an internet-based tools such as Ancestry.com, whilst not created for this purpose, supply online hackers with useful facts about guessing the passwords.

Organizational Targets

Bogus security software programs are the most common type of social-engineering strike that researchers come across. Social networking sites are not being used only to target individuals, it also attacks business. A latest attack attempt occurred where online hackers targeted professionals of a major company through their spouse. The possibilities were at least one of the businessmen might have a badly secured home Computer that he shared with his non-tech knowledgeable wife. This could provide the backdoor required gaining access to the organization. Before two years there we one or two attacks, but now it increases in 100’s a day.

Social engineering is by far the most powerful weapon in the cybercriminal’s tool kit whereas automated malware resources and hacking toolkits are number two.

Android Smartphone Threats

Smart phone threats are on an upswing, but we have yet to determine a major incident. This actually is partly due to platform fragmentation. Malware creator’s still get much better results by targeting Computers or websites.

These types of mobile platform web-based viruses represent the new frontier of malware. Nowadays, Cell phones are serving as a second identity factor for all types of corporate and business authentication schemes. Companies that used to rely on hard tokens, like RSA protocols, are moving to soft tokens, which may be launched from the mobile phones inside their corporate area. Two-factor authentication initially emerged because individuals couldn’t trust computers. Using mobile phone devices as an identification factor beats two-factor authentication.

Today, Android is the big smart phone target but don’t be blown away if attackers soon turn their focus on the iPhone – particularly if third-party antivirus programs become more or less standard on Android devices. IPhone census is appealing to attackers, and security specialists will tell you that Apple products are infamously insecure.

Apple is unwilling to provide third-party security entities using the kind of platform access they have to improve the security of iPhones, iPads, Mac Book Airs and so forth. Apple is very much on its own with security. If we’ve learned something about security in the past Two decades, it’s that another major incident is definitely looming just over the horizon.

With the quantity of IP connected devices hiking to anywhere from 50 billion to a trillion within the next five to Ten years, tomorrow’s cyber-terrorist could target everything from home alarms and air traffic-control systems to flood control in dams.

No related posts.

Adobe Acrobat and Adobe Flash will be leading the target competition by cybercriminals in 2010. Next big target will be the social networking sites like Facebook, Twitter, and MySpace etc. Microsoft predicts that Google new Chrome operating system is vulnerable to cyber attacks which are based on HTML 5 web based applications.

Malware’s new Face painting in 2010:

We saw newly created virus every few weeks and were focusing on that trending issues in troubleshooting during 2009. But in 2010 Malware will change its shape every few hours. Here are the few probably going-to-be-seen symptoms of Malware in 2010.

1. Financially Motivated Malware are to grow sharply in this year

2. Vulnerabilities in small software’s like shareware, free-ware, etc…

3. Malware may help steal information which is in-turn used for Ransom demands.

4. Hi-fi Technologies came up to hide from major Malware engines which increases effectiveness of the malware like encryption, Root-kits, code injection, polymorphic and ADS

5. Social Networking sites will be increasingly used as a distribution mechanism – Short URL’s and Spamming

6. Social Engineering Techniques will increase in 2010

7. Malware Research and Protection becomes more challenging

8. Botnets which sends Spam will be at the core of Malware threats in 2010.

9. Our traditional approach to find the Malware using File signatures and heuristic / behavioral capabilities are not enough to protect against latest threats.

10. An increase in attacks from Peer 2 Peer (P2P) and File Sharing Networks

11. Adobe Reader, Adobe Flash, Google Wave will get hit badly by the bad guys.

12. An increase in attacks on Compromised (Jail-Broken) iPhone, Smartphone and Android Mobile devices.

Who Surpasses Who?

Cybercriminals are smart enough in finding loopholes in a product which are popular. Almost all the PC’s have Microsoft and Adobe Products. When the bad guys break the security of a product using the latest methods, the vendor will implement a patch to fix that. This year Adobe will take over Microsoft in Malware Attack 2010. McAfee predicts that Adobe Reader and Adobe Flash will be the No.1 target for the cyber criminals in 2010.

Microsoft’s Windows 7 OS should be safe this year as it has proved to be much safer. Also Microsoft free Security Essentials have proved its height in catching many rogue antivirus software.

Modern Malware Trend in 2010:

1. Several organizations(parties) Involved

2. Compromised sites used to distribute malware

3. Sophisticated malware attacks

4. Key-loggers and Trojans installed on machines to gain Network Access & Steal ID’s.

5. Trading secrets and credit card numbers

6. Root-kits being deployed that evade detection at the kernel level of the OS.

Top Malware’s infected some million PC’s in 2009:

W32/Koobface.Worm targets users of social networking sites. It sends messages to Facebook friends whose computer has already been infected. Koobface variant infected Facebook, Twitter and MySpace and it also download rogue antispyware to victim’s pc.

Zeus Botnets generally spreads through driven-by-downloads which targets social networking and gaming logins. Zeus has sent out more than 1.5 million phishing messages through Facebook.

Zeus steals user information by keystroke loggings. It has the capability to self destruct. 55% infected systems by Zeus Botnets had up-to-date Antivirus installed.

Conficker/W32 (aka Downadup, Kido) generates pseudo-random domain addresses on infected hosts. It disables Automatic Updates and Security Suite’s. Conficker auto spreads on USB’s by creating autorun.inf and also exploits MS08-067 vulnerability.

1. 5 million PC infected

2. $250k for finding the creators of Conficker

Conficker is a big bomb in the malware analysis in 2009 and will still continue its strategy without any significant payloads in 2010.

Rogue Security and fake Antimalware Products:

1. It appears to the normal end user as a genuine security programs by providing fake scan reports

2. Created for Profit and information gathering and distributing to other source

3. These rogue apps are cloned easily to spread to multiple machines in various forms

4. It can be installed either manual or automatic with silent switch enabled.

5. So far more than 150 applications have been discovered

6. Leveraging Black-Hat SEO to boost site rankings

Microsoft has categorized more than 114 Fake Antivirus Softwares which got caught by Microsoft Security Essentials Antivirus Suite.

Also see the Rogue Software Anatomy from Panda Security.

Fake Email Alerts:

Real logos, well crafted email messages which will make us think it came from one of the top notch companies. Bad guys are always finding new ways in fooling a Novice user. The emails which are sent by them always contain malicious attachments which contain “call to action” triggering Trojan malware.

Examples of few Phishing Emails:

1. Phishing and Lottery Scam Emails

2. Credit balance over limit – Vodafone, Verizon, etc…

3. Package delivery from DHL, FEDEX, etc…

4. Congratulation for Winning Apple Macbook Pro, Windows 7

5. Patch notices from Adobe and Microsoft

6. Emails regarding password changes from Banks

7. A friend or a group invite message from Facebook and Twitter

Facebook and Twitter – Beware of this Beverages in 2010:

As an average surfer you will get an invite from your Facebook friends to start or play a game. That invite will appear attractive that will make you think that it may be a Farmville 2.0, but think thrice before you click it. Cyber criminal’s toolkits are evolving to use advanced technologies to increase the sophistication of the attacks, leaving the normal user blind to risks.

Major Internet Security Companies sees that users of Facebook are accepting invitations from unknown groups and events. If bad guys starts a Scam Group and send it across the network, without knowing who it is we will go ahead and accept it just for fake popularity. If you do so, your personal info will be on the Air. See this link where 133,000 members joined in a Facebook group finally found out to be a BIG SCAM.

Also an increase in Rogue Facebook Apps moves the user to install it in their account. So when you click “Yes” to “Do you want to allow this Application to access your Facebook account”, then you are providing all your personal data, wall info, pictures etc. to those application developers. Fake apps developers are finding new ways to make the user to install unauthorized apps.

In 2010 many scam and spam guys will send fake Facebook App request and friends request to your Emails. So I recommend you to install only the trusted ones within Facebook via Facebook Application Installer. Also do not accept any friends request which you don’t know as it may lead to risk of losing your information and pictures,etc…

Twitter, with its 140 character leads the world in faster communication. Twitter becoming the Phisher’s best friend as it mostly uses URL Shortening service like Bit.ly and TinyURL’s. You never know where a shortened URL is actually sending you. We expect the URL Shortening service to use effective filter features when they redirect to the original links.

Phishing Information collected by Cybercriminals on a Single Day:

· Login info for 13677 Global accounts

· 3356 credit cards

· 255 PayPal account logins

· 1038 eBay account logins

· 93 bank of America online banking account logins

· 2609 Hotmail Email account logins

Malware compromises all financial transactions. Yes it is.! Of course that’s the main objective of the creators of the malware’s too. Here are the few things categorized for your attention.

Federal Deposit Insurance Corporation (FDIC) warned about the increase in the losses from unauthorized Electronic Fund Transfers (EFTs)

WashingtonPost website reports that in 4 months period 4.1 million credit card numbers are deposited into the phishing account. Plenty of workstations are compromised via non-zero day vulnerabilities.

Webroot’s Threat forecast for 2010:

Fake and Rogue Antimalware Apps (Antivirus 2009, malware Protector 2009, IE Defender, Antispy and the list goes on…) will increase drastically.

Blackhat SEO is against Search Engines TOS, which attempts to redirect search results to particular Rogue Antivirus websites to gain users to visit their website

Mobile device threats

Fake email alerts

Threats utilizing and targeting social networks.

AVG’s Threat Forecast for 2010:

AVG says that Security threats in 2010 will be nastier and more targeted and well organized as it is motivated for Money. It also says that in 2010 cybercriminals can create and deploy thousands of unique pieces of malware without any unique signatures which in-turn bypasses the signature-based antivirus software’s.

Trend Micro future threat report 2010:

Malware is changing its shape every few hours.
Drive-by infections tend to increase where the user visits the suspicious website one time is enough to get infected.
New sophisticated attacks will increase for Virtualization and Cloud Computing.
Bots cannot be knocked out anymore, and will be around forever in the World Wide Web.
Companies which have less security online and social networks will continue to be shaken by data breaches.

How to protect yourself from Virus and Spyware:

Keep your Windows up-to-date via Windows Updates.

Keep your Antivirus, Internet security, Antimalware Software up-to-date periodically.

Scanning USB’s, CD’s – Nothing comes in – goes out without undergoing in-depth scanning.

Avoid downloading any file from File sharing programs like Limewire and torrents downloads.

Any Archives (Zip, Rar, etc) need to be scanned before executed or opening.

Don’t click on any pop-ups alerting you for patch updates like adobe acrobat, java, flash player, active-x plug-ins, etc…

Don’t open any phishing or advertisement emails attachments from your Inbox.

Always have a backup of your data. Remember the old saying, Prevention is better than Cure.

Search Online in the search engines cautiously.

Beware of new plug-in downloads, updates to existing plug-in, new apps downloads, updates to existing apps – If you think it could be legitimate then go to the website of the vendor of the plug-in or applications and download it from there.

Use Link scanners like AVG and McAfee inside your browsers while surfing the Internet to find out which ones are good and which are bad.

Note: If I miss any points above, let me know in the comments section. It will get updated.

Finally What?

Understand the risks and stay safer on the web. Browse cautiously, have a good security suite and stay protected.

If we better understand the threat, we can increase our chances of dealing with it.

Good Luck and have a very Happy Malware-Free New Year 2010 Ahead.

Your feedback is valuable to us and the public. Comment your thoughts about this Research Article and also don’t forget to share it across. Happy New Year 2010.

Related posts:

1. Echo Antivirus 2010 Removal Guide
2. Get Free full version product key for TuneUp Utilities 2010
3. A Digital Pollution warning on Safer Internet Day 2010