Malware’s Journey 2010 – Protect yourself from Cybercriminals
MJ’s death, swine flu, Windows 7, Chrome OS, Facebook, Twitter, iPhone, Conficker, Zeus, Avatar: the world was full of these stories in the year 2009. In 2010 it will be different. The major antivirus vendors predict that security threats and attacks on vulnerabilities will be worse in 2010.
Adobe Acrobat and Adobe Flash will lead the list of cybercriminal targets in 2010. The next big target will be the social networking sites like Facebook, Twitter and MySpace. Microsoft predicts that Google’s new Chrome operating system is vulnerable to cyber attacks that target its HTML 5 web-based applications.
Malware’s new Face painting in 2010:
We saw a newly created virus every few weeks during 2009 and focused our troubleshooting on whichever issue was trending. But in 2010 malware will change its shape every few hours. Here are a few symptoms of malware that we will probably see in 2010.
1. Financially motivated malware will grow sharply this year
2. Vulnerabilities in small software like shareware, freeware, etc.
3. Malware may help steal information which is in turn used for ransom demands.
4. Advanced techniques such as encryption, rootkits, code injection, polymorphism and ADS (alternate data streams) will be used to hide from major anti-malware engines, increasing the malware’s effectiveness
5. Social networking sites will increasingly be used as a distribution mechanism, via short URLs and spamming
6. Social engineering techniques will increase in 2010
7. Malware research and protection becomes more challenging
8. Botnets that send spam will be at the core of malware threats in 2010.
9. Our traditional approach of finding malware using file signatures and heuristic / behavioral capabilities is not enough to protect against the latest threats.
10. An increase in attacks from peer-to-peer (P2P) and file sharing networks
11. Adobe Reader, Adobe Flash and Google Wave will get hit badly by the bad guys.
12. An increase in attacks on compromised (jail-broken) iPhone, smartphone and Android mobile devices.

Who Surpasses Who?
Cybercriminals are smart enough to find loopholes in products that are popular. Almost all PCs have Microsoft and Adobe products. When the bad guys break the security of a product using the latest methods, the vendor implements a patch to fix it. This year Adobe will take over from Microsoft as the top target of malware attacks. McAfee predicts that Adobe Reader and Adobe Flash will be the No.1 target for cybercriminals in 2010.
Microsoft’s Windows 7 OS should be safe this year as it has proved to be much safer. Also, Microsoft’s free Security Essentials has proved itself by catching many rogue antivirus programs.
Modern Malware Trend in 2010:
1. Several organizations (parties) involved
2. Compromised sites used to distribute malware
3. Sophisticated malware attacks
4. Key-loggers and Trojans installed on machines to gain network access and steal IDs.
5. Trading secrets and credit card numbers
6. Rootkits being deployed that evade detection at the kernel level of the OS.
Top malware that infected millions of PCs in 2009:
W32/Koobface.Worm targets users of social networking sites. It sends messages to the Facebook friends of users whose computer has already been infected. Koobface variants infected Facebook, Twitter and MySpace users and also download rogue antispyware onto the victim’s PC.
Zeus botnets generally spread through drive-by downloads and target social networking and gaming logins. Zeus has sent out more than 1.5 million phishing messages through Facebook.
Zeus steals user information by keystroke logging. It has the capability to self-destruct. 55% of systems infected by Zeus botnets had up-to-date antivirus installed.
Conficker/W32 (aka Downadup, Kido) generates pseudo-random domain names on infected hosts. It disables Automatic Updates and security suites. Conficker spreads automatically via USB drives by creating an autorun.inf file and also exploits the MS08-067 vulnerability.
1. 5 million PCs infected
2. $250k reward for finding the creators of Conficker
Conficker was the big bomb of malware analysis in 2009 and will continue its strategy without any significant payload in 2010.
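Conficker’s habit of looking up pseudo-random domain names is something a defender can spot in DNS logs, because such names look nothing like the words people register. The script below is an added example written for this article, not code from the original post or from any vendor report; the log lines are constructed, and the length, vowel-ratio and entropy thresholds are assumptions chosen to illustrate the heuristic, not Conficker’s actual domain generation algorithm.

```python
import math
from collections import Counter

# Constructed sample DNS query log (not real traffic). Format: "<time> <client_ip> <query_name>".
SAMPLE_DNS_LOG = """\
10:00:01 192.0.2.10 www.example.com
10:00:02 192.0.2.10 mail.example.org
10:00:03 192.0.2.11 xqzpvbwkjtrm.com
10:00:04 192.0.2.11 hlvkqzfnwpgt.net
10:00:05 192.0.2.11 bsdtkrjqwxvm.org
10:00:06 192.0.2.12 cdn.example.net
10:00:07 192.0.2.11 ptxzqkvwlmrf.biz
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character; random-looking strings score higher than dictionary words."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(qname):
    """Return the registrable label, e.g. 'example' for 'www.example.com'."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label, min_len=10, max_vowel_ratio=0.2, min_entropy=3.2):
    """Heuristic: long, vowel-poor, high-entropy labels are flagged (thresholds are assumptions)."""
    if len(label) < min_len:
        return False
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio <= max_vowel_ratio and shannon_entropy(label) >= min_entropy


def find_suspect_clients(log_text, threshold=3):
    """Map client IP -> list of generated-looking query names, keeping only clients
    that made at least `threshold` such queries (one odd name alone is a weak signal)."""
    per_client = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crashing on them
        _, client, qname = parts
        if looks_generated(second_level_label(qname)):
            per_client.setdefault(client, []).append(qname)
    return {c: q for c, q in per_client.items() if len(q) >= threshold}


if __name__ == "__main__":
    for client, names in find_suspect_clients(SAMPLE_DNS_LOG).items():
        print(client, "queried", len(names), "generated-looking domains:", ", ".join(names))
```

Legitimate CDN and tracking hostnames can also look random, so treat a hit as a lead to investigate on the named client, not as proof of infection; the per-client threshold is there to cut that noise down.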
Rogue Security and fake Antimalware Products:
1. It appears to the normal end user as a genuine security program by showing fake scan reports
2. Created for profit and for gathering information and distributing it to other sources
3. These rogue apps are cloned easily to spread to multiple machines in various forms
4. It can be installed either manually or automatically with a silent switch enabled.
5. So far more than 150 applications have been discovered
6. Leveraging black-hat SEO to boost site rankings
Microsoft has categorized more than 114 fake antivirus programs that were caught by the Microsoft Security Essentials antivirus suite.
Also see the Rogue Software Anatomy from Panda Security.

Fake Email Alerts:
Real logos and well-crafted email messages make us think the mail came from one of the top-notch companies. The bad guys are always finding new ways of fooling a novice user. The emails they send always contain malicious attachments with a “call to action” that triggers Trojan malware.
Examples of a few phishing emails:
1. Phishing and lottery scam emails
2. Credit balance over limit – Vodafone, Verizon, etc.
3. Package delivery from DHL, FedEx, etc.
4. Congratulations for winning an Apple MacBook Pro or Windows 7
5. Patch notices from Adobe and Microsoft
6. Emails regarding password changes from banks
7. A friend or group invite message from Facebook and Twitter
Facebook and Twitter – Beware of these Beverages in 2010:
As an average surfer you will get an invite from your Facebook friends to start or play a game. That invite will look attractive enough to make you think it may be Farmville 2.0, but think thrice before you click it. Cybercriminals’ toolkits are evolving to use advanced technologies that increase the sophistication of the attacks, leaving the normal user blind to the risks.
Major Internet security companies see that Facebook users are accepting invitations from unknown groups and events. If the bad guys start a scam group and send it across the network, we go ahead and accept it without knowing who is behind it, just for fake popularity. If you do so, your personal info will be on the air. See this link where 133,000 members joined a Facebook group that finally turned out to be a BIG SCAM.
There is also an increase in rogue Facebook apps that push the user to install them in their account. So when you click “Yes” to “Do you want to allow this Application to access your Facebook account”, you are handing all your personal data, wall info, pictures, etc. to those application developers. Fake app developers are finding new ways to make the user install unauthorized apps.
In 2010 many scam and spam guys will send fake Facebook app requests and friend requests to your email. So I recommend you install only trusted apps from within Facebook via the Facebook application installer. Also, do not accept any friend request from someone you don’t know, as it may lead to the risk of losing your information, pictures, etc.
Twitter, with its 140 characters, leads the world in faster communication. Twitter is becoming the phisher’s best friend because it mostly uses URL shortening services like Bit.ly and TinyURL. You never know where a shortened URL is actually sending you. We expect the URL shortening services to use effective filtering when they redirect to the original links.
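Since a shortened link hides its destination, the safest way to learn where it goes is to ask for the redirect without following it, one hop at a time, and to stop on loops or over-long chains. The script below is an added example for this article, not code from the original post or from any shortening service; the redirect table and hostnames are constructed, and `fake_fetch_location` is a stand-in for an HTTP HEAD request with redirects disabled.

```python
from urllib.parse import urlsplit

# Constructed redirect table standing in for a shortener's HTTP 301/302 "Location" answers.
# None of these hosts are real links; they only exercise the resolver offline.
FAKE_REDIRECTS = {
    "http://short.example/abc": "http://track.example/r?id=1",
    "http://track.example/r?id=1": "https://login-bank.example.net/",
    "http://short.example/loop1": "http://short.example/loop2",
    "http://short.example/loop2": "http://short.example/loop1",
}


def fake_fetch_location(url):
    """Stand-in for a HEAD request with redirects disabled: returns the Location header or None."""
    return FAKE_REDIRECTS.get(url)


def expand_short_url(url, fetch_location=fake_fetch_location, max_hops=10):
    """Resolve a shortened URL hop by hop without ever rendering the pages.

    Returns (final_url, chain, status) where status is 'resolved', 'loop' or 'too_many_hops'.
    The chain is recorded so the reader can see every intermediate tracker, not just the end."""
    chain = [url]
    seen = {url}
    current = url
    for _ in range(max_hops):
        nxt = fetch_location(current)
        if nxt is None:            # no Location header: this is the real destination
            return current, chain, "resolved"
        if nxt in seen:            # redirect loop: bail out instead of spinning forever
            chain.append(nxt)
            return nxt, chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
        current = nxt
    return current, chain, "too_many_hops"


def host_changed(chain):
    """True when the chain passes through more than one hostname (the usual case for shorteners)."""
    return len({urlsplit(u).hostname for u in chain}) > 1


if __name__ == "__main__":
    final, chain, status = expand_short_url("http://short.example/abc")
    print(status, "->", " -> ".join(chain))
    print("lands on", urlsplit(final).hostname, "(host changed)" if host_changed(chain) else "")
```

To run this against live links, pass a real fetcher such as `lambda u: requests.head(u, allow_redirects=False, timeout=5).headers.get("Location")` (the `requests` library is assumed to be installed); keeping `allow_redirects=False` is what lets the code inspect each hop rather than silently landing on the final page.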
Phishing Information collected by Cybercriminals on a Single Day:
· Login info for 13677 Global accounts
· 3356 credit cards
· 255 PayPal account logins
· 1038 eBay account logins
· 93 Bank of America online banking account logins
· 2609 Hotmail Email account logins
Does malware compromise financial transactions? Yes, it does. Of course that is the main objective of the malware creators too. Here are a few things categorized for your attention.
Financial Data Theft | Identity Data Theft | Productivity Threats
CC number | Unauthorized access to confidential information | Network performance, including bandwidth, gradually decreases
CVV number | Stolen user IDs and passwords | Unwanted Internet traffic coming and going from your PC
Expiration date | Addresses | Changes to the Internet browser homepage and search engine
PIN number | Social Security number | Conflicts between applications and malware that cause programs to malfunction
Bank account logins | Birth date |
 | Mother’s maiden name |
 | Tax-ID numbers |
The Federal Deposit Insurance Corporation (FDIC) has warned about the increase in losses from unauthorized Electronic Fund Transfers (EFTs).
The Washington Post website reports that in a 4-month period 4.1 million credit card numbers were deposited into the phishing account. Plenty of workstations are compromised via vulnerabilities that are not zero-days.
Webroot’s Threat forecast for 2010:
Fake and rogue anti-malware apps (Antivirus 2009, Malware Protector 2009, IE Defender, Antispy and the list goes on…) will increase drastically.
Black-hat SEO, which is against the search engines’ terms of service, attempts to redirect search results to particular rogue antivirus websites in order to draw users to them
Mobile device threats
Fake email alerts
Threats utilizing and targeting social networks.
AVG’s Threat Forecast for 2010:
AVG says that security threats in 2010 will be nastier, more targeted and well organized, as they are motivated by money. It also says that in 2010 cybercriminals can create and deploy thousands of unique pieces of malware with no shared signature, which in turn bypasses signature-based antivirus software.
Trend Micro future threat report 2010:
Malware is changing its shape every few hours.
Drive-by infections tend to increase; visiting a suspicious website a single time is enough to get infected.
New sophisticated attacks will increase against virtualization and cloud computing.
Bots cannot be knocked out anymore and will be around forever on the World Wide Web.
Companies with weaker online security and social networks will continue to be shaken by data breaches.
How to protect yourself from Virus and Spyware:
Keep your Windows up-to-date via Windows Update.
Keep your antivirus, Internet security and anti-malware software up-to-date.
Scan USB drives and CDs: nothing comes in or goes out without undergoing an in-depth scan.
Avoid downloading any file from file sharing programs like Limewire and torrent downloads.
Any archive (Zip, Rar, etc.) needs to be scanned before it is opened or anything in it is executed.
Don’t click on any pop-ups alerting you to patch updates for Adobe Acrobat, Java, Flash Player, ActiveX plug-ins, etc.
Don’t open any attachments from phishing or advertisement emails in your inbox.
Always have a backup of your data. Remember the old saying: prevention is better than cure.
Search the search engines cautiously.
Beware of new plug-in downloads, updates to existing plug-ins, new app downloads and updates to existing apps. If you think it could be legitimate, go to the website of the vendor of the plug-in or application and download it from there.
Use link scanners like those from AVG and McAfee inside your browser while surfing the Internet to find out which links are good and which are bad.
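The advice above to check archives before opening them can be automated for the simplest cases: list the members of a zip file without extracting anything and flag names that are executables, documents with a second executable extension, or paths that try to escape the extraction folder. The script below is an added example written for this article, not code from the original post or from any antivirus vendor; the archive it inspects is constructed in memory, and the list of risky extensions is an assumption a reader would tune for their environment.

```python
import io
import posixpath
import zipfile

# Assumed list of extensions Windows will run directly; extend as needed for your environment.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif", ".msi", ".jar"}


def build_constructed_archive():
    """Build an in-memory zip that stands in for an email attachment (constructed, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 placeholder")
        zf.writestr("photo.jpg.exe", b"MZ placeholder")             # double extension
        zf.writestr("../../Startup/run.bat", b"@echo placeholder")   # path traversal
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


def inspect_archive(data):
    """Return [(member_name, [reasons])] for suspicious members, reading only the directory.

    Nothing is extracted or executed; only the central directory listing is examined."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            base = posixpath.basename(name)
            ext = posixpath.splitext(base)[1].lower()
            reasons = []
            if ext in RISKY_EXTENSIONS:
                reasons.append("executable type " + ext)
                if base.count(".") >= 2:
                    reasons.append("double extension disguising a document")
            if name.startswith("/") or ".." in name.split("/"):
                reasons.append("path escapes extraction directory")
            if reasons:
                findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in inspect_archive(build_constructed_archive()):
        print(name, "->", "; ".join(reasons))
```

A clean listing from this check does not make an archive safe (a plain .pdf can still carry an exploit, which is why the article still wants a real scan), but a hit is reason enough not to open the attachment at all.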
Note: If I miss any points above, let me know in the comments section. It will get updated.
Finally What?

Understand the risks and stay safer on the web. Browse cautiously, have a good security suite and stay protected.
If we better understand the threat, we can increase our chances of dealing with it.
Good Luck and have a very Happy Malware-Free New Year 2010 Ahead.
Your feedback is valuable to us and the public. Comment your thoughts about this Research Article and also don’t forget to share it across. Happy New Year 2010.