2009 Web Security Threats May Appear in 2010

Gerhard Eschelbeck, CTO at Webroot, a security vendor, alerted computer users that cyber crooks aiming for malware attacks had developed innovative methods this year (2009). These methods gave a preview of malware scenario one could expect during 2010, as reported by Messagingwire on November 23, 2009.

The first malware reported during 2009 has been "Induc," a virus that spreads infection using an exclusive method. While normally malicious programs are injected into users' computers through e-mail or the Web, Induc penetrates through the development sequence (or chain), notes Eschelbeck, as reported by Internetnews on November 20, 2009.

The reports state that 'Induc' made its debut during late-August 2009 by infecting a development tool called 'Delphi Windows.' During attack, it injects itself into one of the Delphi programs and then becomes invisible by exiting from the processes that might be still running. Moreover, during the whole process, it contaminates files all along. Consequently, anyone developing an application in the context of a contaminated Delphi could develop malware into his program.

The second malware reported, OSX.Iservice, has also appeared during the early 2009 and it too could pose significant troubles in 2010. The malware, which bears Trojan characters, is packaged with some parts of the trial edition of the authorized Apple iWork'09. However, it contains an installer called 'iWorkServices.pkg.' The installer-laden iWork'09 is named as the iWork09.zip file with a size of about 450MB, while the genuine trial edition is called iWork09Trial.dmg and sized about 451MB.

Another threat, which emerged during 2009, is a Trojan named 'Sninfs' that exploits well-known micro-blogging website 'Twitter' for the distribution of its command-and-control data.

Indeed, it seems that attacks against social-networking websites will keep on rising, especially against Twitter and Facebook because of the high ROI (Return on Investment) for cyber criminals utilizing such sites to launch URL-based assaults. Predictably, this tendency will become intensive via user-generated content, shortened links, videos, etc.

Besides, phishing e-mails and websites are growing and giving a "real-feel" as the 'Verified by Visa' scam recently demonstrated. Thus, IT directors, security vendors and consumers are all on alert, while this threat too could lurk over the security landscape of 2010.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 12/3/2009