Windows 7 likely to come into cross-hairs of attackers


Cyberattackers will target Windows 7 and spam volumes will spike next year, according to a recently released Symantec report covering internet security trends.

The report, entitled Security and Storage Trends to Watch, looked back to examine the top internet security trends of 2009 and offered up some likely areas of concern for the coming year.  

According to Zulfikar Ramzan, technical director, Symantec Security Response, and Paul Wood, senior analyst, MessageLabs Intelligence, discussing the findings on a conference call on Tuesday, it's difficult to pinpoint one particular key trend that has been most pervasive in 2009, but drive-by downloads and rogue security software rose to the top.

While in all of 2008, there were 18 million drive-by attempts, where attackers secretly infect internet surfers by compromising legitimate websites, in the period of August to October of 2009 alone, Symantec observed 17.4 million, said Wood.

Meanwhile, the plague of rogue security software continues to escalate. This method of attack pretends to be legitimate software and tricks unwary users into downloading malware, or demands a ransom to "fix" a victim's computer plagued by unrelenting pop-up ads, said Ramzan. Symantec identified 250 misleading applications that pretend to be legitimate security software. "Attackers are finding that they can make a lot of money doing this particular threat class," he said.

During 2009, malware-bearing spam also topped Symantec's list. Spam is usually thought of as annoying, but not necessarily dangerous, the report said. However, between September and October 2009, on average, more than two percent of spam emails had attached malware. This represents a nine-fold increase in the number of spam messages actually containing malware.

Another worrisome trend on the list was that attacks on social networking sites became commonplace during the year. The report stated that attacks against social networking sites themselves, as well as the users of those sites, became standard practice for cybercriminals exploiting a massive number of users and a high level of trust among those users.

"That's where the people are," said Wood. He pointed to the fact that the sites use new technology that makes it easy for users to upload content. However, this also invites exploitation by attackers. "If one machine gets compromised, another user will trust an attack that uses a 'friend's' name," Wood explained.

Attackers are also taking advantage of current events more than ever, attempting to lure internet users into downloading malware or buying products. Such calendar events, celebrity meltdowns and news flashes as Valentine's Day, NCAA March Madness, H1N1 Flu, the crash of Air France Flight 447, balloon boy and the deaths of Michael Jackson and Patrick Swayze triggered a slew of scams.

"We've reached a stage where no popular story goes unnoticed, and we can expect more of the same as major world events, such as the 2010 FIFA Soccer World Cup and Winter Olympics, get nearer," the report said.

As for what to expect in 2010, Ramzan said we're likely to see the creators of rogue security software scams take their efforts to the next level, even hijacking users' computers, rendering them useless and holding them for ransom. Perhaps more worrisome, he said, would be counterfeit software that is not necessarily malicious, but dubious. For example, Symantec has already observed some rogue anti-virus vendors selling fake copies of free third-party anti-virus software. While users are technically getting the anti-virus software that they pay for, this same software can, in fact, be downloaded for free elsewhere.

Expect spam volumes to go up, according to Wood. This vector is being helped along by new technologies, such as URL-shortening services popularized by Twitter users. Attackers are using legitimate domains that link to spam websites that the average security-conscious user might think twice about clicking on. These sites distribute misleading applications.

And attackers are going local with their spam campaigns. Where most spam has traditionally been sent out in English, as broadband connection penetration continues to grow across the globe, the bad guys are now shifting to using local languages to broaden their attack base. They are aided in their mischief by identifying countries of origin by the extension in a URL. In parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam.

Among their other predictions is that Microsoft's release of Windows 7 will come into the cross-hairs of attackers. The Redmond, Wash.-based company has already released the first security patches for the latest version of its OS, but Ramzan says that with millions of lines of code, flaws are unavoidable and attackers will undoubtedly find ways to exploit its users. "It's not a question of 'if', but 'when,'" he said.

Marian Merritt, Symantec's internet safety advocate, moderated the conference call.
