Cyberattackers are on the verge of creating trojans that take advantage of social networking websites and Web 2.0 technologies, according to researchers at Finjan.
Calling the new genre of malware “Trojan 2.0,” the San Jose, Calif.-based company predicted that attackers will capitalize on end-users’ trust of social networking sites — and the legitimate web services they offer — to launch corporate espionage, spam and phishing attacks this year.
Finjan cited data showing cyberattackers’ growing reliance on web-based attacks — moving away from email-based attacks — in its report on the fourth quarter of last year.
“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”
Reports of hijacked widgets on social networking sites are proof that cybercriminals are beginning to adjust their tactics for a new generation of websites, according to Finjan.
Earlier this month, researchers at Fortinet discovered what is believed to be the first malicious widget on ultra-popular social networking site Facebook.
The threat invited end-users to discover their “secret crush” before seeding PCs with adware. The widget’s creator also urged recipients to send the software to five friends.
Finjan’s fourth quarter report also cited the late-2007 emergence of a thriving cybercrime market, where malware was traded for large sums of money as part of a “Criminal-2-Criminal” business model.