Social-networking sites like Facebook and Twitter can expect more attention from cybercriminals in 2010, according to a new report (PDF) released Tuesday by McAfee Labs. Also at risk are users of Adobe Systems products including Acrobat Reader and Flash. And move over Microsoft; the security firm predicts that Google’s Chrome OS will “create another opportunity for malware writers to prey on users.”
The company also anticipates smarter and more dangerous Trojans that “follow the money,” as well as a “significant trend toward a more distributed and resilient botnet infrastructure that relies much more on peer-to-peer technologies.”
In a recorded interview (scroll down for audio) David Marcus, McAfee Labs’ director of security research and communications, said that he expects “an explosion of Facebook and other services targeted by cybercriminals.” In addition to malware like Koobface that spreads among Facebook users’ friends list, Marcus expects an increase in rogue Facebook applications.
“When you click yes to ‘do you want to allow this application to access your Facebook account,’ you’re giving that application access to all the data in your Facebook account,” he said. Facebook vets the third-party applications that it distributes, but rouge developers are finding other ways to get people to install unauthorized apps.
“A lot of the spammers and scammers will send fake Facebook application requests to users’ inboxes,” he said. Marcus recommends that you only install apps from within Facebook by clicking “browse more applications” in the Facebook application installer.”
According to McAfee, Twitter is vulnerable mostly because of URL-shortening services like bit.ly and tinyurl.com. There’s nothing wrong with Twitter or these services, but when you click on a shortened URL you have no idea where you’re going until after you get there. I would like to see a URL-shortening service that vets each URL for security and rejects those that are potentially dangerous. Twitter, according to the McAfee report is “also serving as a control vehicle for botnets.”
Criminals are now being more surgical in their attacks, singling out individuals and corporations as targets. The report points to the 10-month investigation of “GhostNet,” which McAfee Labs describes as a “network of at least 1,295 compromised computers in 103 countries” that “primarily belonged to government, aid groups, and activists.” The malicious code was delivered by e-mail with subject headings related to the Dali Lama and Tibet, according to the report.
The report also sites “a very targeted wave of attacks against the management of major companies,” as well as attacks carried out against “journalists from various media organizations, including Agence France Press, Dow Jose and Reuters based in China.”
Adobe products and Google Chrome vulnerable
Adobe products, especially its Acrobat Reader and Flash, are likely to replace Microsoft Office as the No. 1 software target, according to McAfee. It’s nothing they’ve (Adobe) done wrong,” Marcus said. “The bad guys go where the masses go” and because of the increasingly widespread use of Adobe products, “that tends to be what the bad buys will start looking to exploit. It really is nothing more sophisticated than that.”
Criminals are infecting PDF files and leveraging exploits in the opening of PDF documents, according to Marcus.
“Instead of viewing a PDF you’re actually taken to a website that downloads some type of malware to your machine.” Adobe plans to patch a critical hole in Reader and Acrobat on January 12.
There is also concern about Google’s Chrome operating system, which is expected to be officially released in 2010. Chrome, which will run Web-based applications, is likely to be vulnerable to attacks in HTML 5–the newest version of the hyper-text markup language that, says the report, “holds all the promises that today’s Web community seeks–primarily blurring and removing the lines between a Web application and a desktop application.”
McAfee also warned of banking Trojans with “new tactics that went well beyond the rather simple keylogging-with-screenshots” that were used earlier. Trojans now use rootkit techniques to hide on a victim’s system to disable antivirus software.
“Often the victim’s computer becomes part of a botnet and receives malware configuration updates,” the report said.
For more on the threats on Facebook and Twitter read “Using Facebook and Twitter safely” on CNET.
Cause for optimism
The report did end with some optimism, calling 2009 a good year for law enforcement. In November 2009, the U.S. Department of Justice indicted nine individuals “from Russia, Moldova, and Estonia who were allegedly responsible for $9 million in customer payroll data compromises at RBS WorldPay.”
The year also “saw the conviction of the infamous “Godfather of Spam,” Alan Ralsky of Michigan, and his criminal syndicate, which was responsible for generating a significant portion of the world’s unsolicited e-mail,” McAfee said.
“You started to see that not a lot of resiliency was built into some of those botnets, they were taken down, and poof they disappeared for very long periods of time,” Marcus said. He said he thinks “the bad guys will learn from that and build in some redundancy,” but he remains optimistic. “The good guys and regular users are getting tired of getting exploited and we’re finally starting to see more offensive and aggressive take downs of botnets…we’re starting to see people wanting to take back the Internet.”