Thursday, December 31, 2009

End of year recap: Top 5 Security concerns in 2009

This is my own list. There have been many more but I consider these to be the top five:

SEO poisoning has become widespread

Search Engine Optimization techniques have been used by webmasters for quite some time now to promote their sites and appear higher in search engine result lists. During 2009, malicious groups took advantage of many of these same techniques in order to position bad links very high in search engine results. The scary part is that the bad guys scour the web and study the latest search trends in order to poison the most likely searches. These have included big events such as the death of Michael Jackson or the latest "Survivor" TV show finalists. They also take advantage of big shopping seasons such as Christmas, Halloween or Independence Day. Clicking on any link is becoming dangerous, and that now includes, in particular, Google and other search engine results.

0-day holes in Adobe Reader: PDFs under attack

The interest that some underground groups are showing in PDF reader vulnerabilities is proof of the popularity of the platform. The fact that most users are blissfully unaware of the dangers of PDF documents is more of a security concern than the ease with which code crackers are succeeding at finding holes. During 2009 many browser plug-in technologies came under attack: not only PDF readers but also Flash, WinZip and others. This refinement of the browser vulnerability attack is a natural evolution of the classic "click here on this pretty link" infection vector, which nowadays uses not only HTML to run malicious code but also PDFs, ZIPs, Flash files, etc.

Social Networking sites as infection vectors: Koobface

Seeing how social networking web sites have grown immensely these last 12 months, it's not surprising that the bad guys have decided to attack their users. These sites allow users to create their own profile and add their friends in order to see their updates, pictures and other shared content. Once a real user adds a fake profile with bad intentions, he'll start receiving bad links which may infect him. Once infected, the real user will be posting bad links himself, thereby compromising and infecting his own friends. This makes for a powerful worm which has successfully infected lots of users during 2009, and its creators have added support for quite a few networking sites, such as Facebook, Twitter, Hi5, Bebo and the like.

Make-your-own-botnet kits become popular

The Russian underground, in one of its most recent strokes of genius, started offering powerful bots for sale. Anybody can create their own sophisticated botnet, with command and control software and custom information-stealing capabilities included. This means that we are finding more mini custom botnets and not so many big botnets anymore. Conficker being an exception, most modern botnets are medium to small-sized and very focused on either creating spambots or stealing bank or other credentials. With smaller criminal outfits blossoming, the picture we had of big criminal organizations is becoming fuzzier.

Fake Antivirus schemes bloom

Affiliate programs are as old as the first commercial web sites. They are a method to let others spread the word about your site and give them something in return. Traditionally, salesmen have worked on commission, and this is no different. Scams such as fake antivirus software are a few years old, but their prevalence during 2009 has grown exponentially thanks to their affiliate programs. For every sucker that pays for a fake antivirus, the intermediary gets a nice commission, so all criminal outfits have signed up to become intermediaries. From the Koobface worm gang to all the botnet kits (Zeus, Bredolab and the rest), all of them have one thing in common: they end up installing fake antivirus software on their infected victims' machines. Money talks.

This is my summation of 2009 in matters of security. Feel free to share your own or any other opinion...
