Symantec Rubs the 2010 Malware Crystal Ball

We’ve long made the point on this Blog that the Internet has turned into a playground for cyber-criminals. Further, we have made the point, and continue to make it, that while the Internet may be a playground for criminals, there is little doubt – it is a minefield for the rest of us.

This past year, particularly in recent months, a number of tech writers employed by some of the larger company-sponsored Blogs have written of their troubling experiences following a rogue software infection on their personal machines. Technical sophistication, then, may not be enough to ensure one’s security and safety on the Internet – it takes more than that.

Stumbling through the Internet landscape just won’t do. Surrounding your machine with every conceivable anti-malware application available will not offer the protection needed to surf the Internet safely. You, and you alone, are the best protection against malware, scams, identity theft, and the host of additional dangers we all face on the Internet.

Being aware of the shape of the Internet landscape, and the potential changes that may occur in that landscape, is now, more than ever, a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. “Forewarned is forearmed” needs to be your guiding light – appropriate knowledge will act as your shield.

This year (2009) has been a record year for rogue security software (with over 20,000 applications currently in circulation), and Symantec Hosted Services, in a new report, predicts 2010 will offer no improvement.

Since knowledge is a principal key to Internet safety, the following report, courtesy of MessageLabs Intelligence and Symantec, will help prepare you for what is likely to be an onslaught of criminal activity on the Internet in 2010.

Security Trends to Watch in 2010:

Antivirus is Not Enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioral capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.

Social Engineering as the Primary Attack Vector – More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.

Rogue Security Software Vendors Escalate Their Efforts – In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.

Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.

Windows 7 Will Come into the Cross-Hairs of Attackers – Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.

Fast Flux Botnets Increase – Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, it makes it difficult to trace the botnets’ original geo-location. As industry countermeasures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique to carry out attacks.

URL Shortening Services Become the Phisher’s Best Friend – Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking on. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage shortened URLs to carry out their own evil deeds.

Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.

Spammers Breaking the Rules – As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act, we’ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.

As Spammers Adapt, Spam Volumes Will Continue to Fluctuate – Since 2007, spam has increased on average by 15 percent. While this significant growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long as an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe.

Specialized Malware – Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.

CAPTCHA Technology Will Improve – As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology. Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.

Instant Messaging Spam – As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid 2009, that level was 1 in 78 hyperlinks.

Non-English Spam Will Increase – As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam.
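The "Fast Flux Botnets Increase" item above describes domains whose addresses keep rotating across compromised hosts. The following is an added example, not taken from the Symantec report or this Blog, of how a defender can look for that pattern in resolver logs. The sample records, the `.example` domains, the /16 grouping used as a stand-in for network diversity, and the thresholds are all assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed resolver-log records: (domain, A record returned, TTL in seconds).
# Domains use the reserved .example TLD; addresses are private/documentation ranges.
OBSERVATIONS = [
    ("shop.example", "198.51.100.10", 3600),
    ("shop.example", "198.51.100.11", 3600),
    ("shop.example", "198.51.100.10", 3600),
    # Load-balanced service: many addresses, short TTL, but one network.
    ("cdn.example", "192.0.2.1", 60),
    ("cdn.example", "192.0.2.2", 60),
    ("cdn.example", "192.0.2.3", 60),
    ("cdn.example", "192.0.2.4", 60),
    ("cdn.example", "192.0.2.5", 60),
    # Flux-like: each answer points at a host in a different network.
    ("login-update.example", "10.1.4.7", 120),
    ("login-update.example", "10.22.9.3", 120),
    ("login-update.example", "172.16.5.9", 120),
    ("login-update.example", "172.20.1.1", 120),
    ("login-update.example", "192.168.3.4", 120),
    ("login-update.example", "203.0.113.5", 120),
]

def flux_report(observations, min_ips=5, min_nets=3, max_ttl=300):
    """Summarise each domain; thresholds are illustrative assumptions."""
    seen = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for domain, ip, ttl in observations:
        rec = seen[domain]
        rec["ips"].add(ip)
        # Group by /16 as a rough stand-in for "different networks/owners".
        rec["nets"].add(ipaddress.ip_network(f"{ip}/16", strict=False))
        rec["ttls"].append(ttl)
    report = {}
    for domain, rec in seen.items():
        ttl = median(rec["ttls"])
        report[domain] = {
            "ips": len(rec["ips"]),
            "nets": len(rec["nets"]),
            "median_ttl": ttl,
            # All three signals must agree; any one alone is common for benign sites.
            "suspicious": len(rec["ips"]) >= min_ips
            and len(rec["nets"]) >= min_nets and ttl <= max_ttl,
        }
    return report
```

The `cdn.example` rows show why address count and TTL alone are not enough: the service rotates addresses quickly but stays inside one network, so it is not flagged.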

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of Internet dangers are now epidemic on the Internet. Take on the task of educating these people – it raises the level of protection for all of us.


5 responses to “Symantec Rubs the 2010 Malware Crystal Ball”

  1. rhh

    Almost got me. But I still wonder what others do when caught in this trap? Please read on. An auto installer (malware) jumped from the screen from a Google link (why can’t Google screen their links anyway?) while using my Firefox browser. I knew what had happened and ignored the malware’s popups as lies and tried to close all windows. I was only able to do so with the help of the program Smart Close, which took a few minutes but was able to get the browser closed. I ran Malwarebytes Antimalware quick scan and it found two entries for autoloading malware, which we deleted. Then the real problem. Upon restarting, Firefox automatically reset itself to its previous session and opened up the same Google malware site that again infected my computer. Only this time my computer locked up after running Smart Close. Only Task Manager was able to shut down the unit. If I restarted my computer I had no idea how to stop Firefox from reopening the previous session and again finding the malware link again. Plus, I figured the malware was now activated and would expand on a start up and do its thing to cripple my unit. Well, this time I got lucky as the day before I had made an image file back up via True Image Home 2009 (Acronis software) and it offers to start up during booting up, which I selected and was able to restore the system. I really wonder what others do when Firefox auto loads a previous session that includes an auto load malware?? Anyone know of approaches that work?

  2. Bill,

    You stated it correctly;

    “You, and you alone, are the best protection against malware, scams, identity theft, and the host of additional dangers we all face on the Internet”.

    I tell users this all of the time…


    • Bill Mullins

      Hey Rick,

      Personal responsibility unfortunately, is a concept that continues to slip below the horizon, it seems. I’m still surprised, that at this late date, users have not grasped the concept that they need to “think”, when surfing the Internet. Frankly, I don’t see the situation changing any time soon. As tech professionals, we have no choice but to continue to pound the pavement on this issue. I have to admit though, I find it a little frustrating.


  3. Hi Bill,
    Great article, interesting to see what one of the top companies is anticipating for next year’s plate.
    I agree with you about personal responsibility being paramount, then again even the careful user can get into trouble. My daughter borrowed my old Thinkpad recently, she needed it for doing research for the colleges she’s applying to, everything seemed fine when I used the machine again. I did a routine scan and Malwarebytes found 15 Trojans and at least one rootkit. I was not amused, when I checked the browsing history though, virtually every site had been a .edu site. I looked into it and found out many .gov and .edu sites have been compromised. I’ve gone to using the “No-scripts” extension with Firefox as well as the usual tools. And frankly outside an enterprise firewall I’m beginning to question running XP at all anymore. Many applications don’t work well when running as a limited user so, you end up running as admin.
    With the number of 0 day exploits these days, and the state of the internet with the use of Javascript everywhere it’s getting tough to stay safe even when following decent security protocols. I’ve begun to test running Open Solaris in a virtual machine to do any online banking or going to my eBay account. I don’t want to sound paranoid but Windows users are at risk every time they go online, I think Vista and Windows 7 are more secure than XP if you turn the (much hated) User Account Control to maximum protection but then people complain about convenience. Unfortunately convenience and security are two diametrically opposite realities, it’s very difficult to have both while running Windows online in 2009.
    Sorry about the rant but I guess I’m a little frustrated as well.
    Hope you and your family have a good holiday season.

    • Bill Mullins

      Hey Mark,

      Your comment resonates so much, that I have just written an article in which I have incorporated it and another comment.

      When is SOMEONE going to do SOMETHING about this mess?

      Thanks for this.

      Let me return your greetings, and wish you and those you care about, “Happy Holidays”.