The Cybercriminal's Mid-Year Report Card: Symantec

Shantanu Ghosh, Vice President, India Product Operations, Symantec, has made a few predictions of what is expected in 2010.

The predictions are:

• Antivirus is not enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realising that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats.
• Rogue Security Software Vendors Escalate Their Efforts – In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best.
• Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts.
• Windows 7 Will Come into the Cross-Hairs of Attackers – Microsoft has already released the first security patches for the new operating system. as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
• Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck.
• Instant Messaging Spam – As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL.