G Data: e-Crime Forecast 2010
Virtual clouds and social networks in the eCrime industry's focus
The underworld earns money from malware - lots of money. In the last few years a black market has been organised and established. It is responsible for the fact that this year the number of new malware programs has again increased. The profits are invested in ever improving infrastructure and new attack techniques. Against this background, there is little hope for improvement in 2010.
More massive web server attacks
Ever more infections take place via websites which have previously been captured by criminals. Sites with weak passwords and security holes in their web applications are located automatically and compromised. Once attackers have gained access to a web server, they can use it to offer malware programs for download. But even more devious are so-called drive-by downloads, in which attempts are made in the background to exploit security holes in the browser or its components so that the computer can be taken over without the user's knowledge.
Although some website operators have seen the writing on the wall, there are many more weakly defended websites, which will be increasingly targeted by the malware society in the coming year.
Social networks and Web 2.0
Web 2.0 offers the Internet surfer many new possibilities including route planning, word processing, Internet radio, games and social networks. Using the underlying technology, AJAX (Asynchronous JavaScript and XML), the web page need no longer be recreated with every click because a constant background data flow supplies the required information. Unfortunately this mechanism also offers a series of attack points. Like desktop programs, web applications are not free from programming errors, which can be used to spread malware. Since the start of the year, the Internet worm Koobface has made extensive use of Facebook, MySpace and many other social networks to send itself to all of the saved contacts. The malware potential available here is a long way from being fully exhausted and no doubt it will increase again in the coming year.
Data theft & phishing
The number of data incidents is continuously increasing. During the course of the year quite a few banks had to replace customer credit cards because their data had been stolen.
Classical phishing is not the only cause of data loss. Bank data in particular are also being collected using spyware and key loggers and then sent on to the attackers.
In the meantime, classical phishing is moving away from online banking. It is increasingly rare for the recipient of a mass mailing to be enticed under some pretext or another to visit a bogus website and enter his access data there, however well the site copies the "feel" of the original. English and American banks as well as PayPal represent exceptions to this rule, because they require only a login name and password before full access to the site is provided.
Many banks have now introduced extensive protection measures, but there are still many Internet services where the only access protection is a login name and password. Email accounts (e.g. MSN, Yahoo, Google), social networks (e.g. Facebook, Twitter, MySpace), online auctions (e.g. eBay) and online games (e.g. WoW) are now frequent targets for attack. These attacks bear all the hallmarks of the black economy:
• Public email accounts present a problem to reputation-based spam filters
• The data from social networks are worth money on the black market
• Spam in forums continues to be a menace
• Accounts and items from online games can be sold via hijacked eBay accounts, among other channels.
Widespread phishing is not the only risk. Information offered on public websites and in social networks about companies and their employees may be used to make targeted attacks on particular individuals within a company. Such methods are referred to as spear-phishing or even whale-phishing. For example, the sales manager may receive an email specially tailored for him, which includes a manipulated PDF, "Offer.pdf", as an attachment. Such targeted attacks against the presumed big fish of a company can lead to serious data losses.
For both types of phishing, as well as for all the other types of data theft, there is a large market. We are assuming that if things carry on true to form, even more data will be stolen in 2010 than this year.
Windows 7
With Windows 7, Microsoft has largely overcome the "teething problems" of Vista. Since its market introduction in October 2009, only a few critical voices have been heard and it is readily apparent that Windows 7 will find its way onto customer computers. Unfortunately the security settings of Windows 7 are somewhat weaker than those of Windows Vista. Hence it's fairly likely that malware will also make the shift. The first scareware attacks matched to Windows 7 have already been seen.
The early bird...
Even the very first computer viruses tried to hide from virus detection. One tactic viruses use is to become active before their opponents when the system boots. Only if a virus is active first can it avoid the actions of the protection program. Hence the boot sector was always a preferred target of the first viruses. More recent rootkits reside in the hard disk boot sector and hence are loaded long before the operating system and virus protection. At first the MBR rootkit was just an item of academic interest but now it forms part of a few widely distributed virus families. And the next generations are already under starter's orders. In the coming years we will see more malware which will make use of highly complex technologies to exploit the security holes in the hardware and software components that are used during boot-up.
Virtual clouds
In the meantime, the virtualisation of software, operating systems and hardware has been supported by the latest CPU chip sets. Consequently using virtual machines is becoming ever easier and more efficient. The sealed-off environments also offer new opportunities to protect the computer and its data. The attackers have still to react to this and we are expecting malware that attacks the popular virtualisation programs.
The virtualisation of computers within the company not only provides a number of advantages for administrators as well as improved usability, it can also be a financial benefit. However, this takes on a new dimension if the virtualisation no longer takes place on individual computers, but rather on a server managing lots of virtualised computers. A malware program that succeeds in breaking out of the virtual machine and accessing the underlying system can now read, manipulate or render inaccessible the data of all the computers running on the server. This also applies to service providers who offer computing power on demand. This inexpensive and flexibly available computer power is of particular interest to companies and some are seriously thinking about outsourcing certain computations to such service providers. In such cases, however, data sensitivity is often not sufficiently considered. The infrastructure of these service providers likewise runs on virtual machines. If a malware program breaks out here, then it can access the data of multiple companies.
Exactly the same applies to private individuals. Whoever outsources image processing, word processing and spreadsheet calculations to an anonymous online server, need not be surprised if his emails, word processing and calculations wind up in strange hands.
The more companies and individuals make use of cloud services, the more attractive such platforms will become to attackers. It is quite possible that the coming year will provide the first evidence of such serious attacks.
The war against the underworld economy
Many Internet users have in the meantime become accustomed to the drawbacks of Internet use: spam, Internet worms, phishing sites, etc. However some genuine counter movements have also become established, which are constantly gaining in clout. An impressive example of their effectiveness was the end of McColo: once the server of this company could no longer be reached at the end of 2008, spam volumes fell from one day to the next by 1/3 and took several months to recover. Ever more initiatives and cooperative ventures are being formed, which are targeted at the core components of the infrastructure of online criminals - especially the botnets.
Botnets, zombie computers joined together in large networks, are in 80% of all cases private computers. Unfortunately many users do not understand the consequences of an infection for other Internet users. Hopefully the coming year will see Internet users, criminal prosecutors and IT security specialists working more closely together. Perhaps the coming year will also see concerted action to raise the awareness of Internet users and thus withdraw the criminals' most important tool, the botnets.
Forecast for 2010
• Web 2.0 applications form the target for many varied and new attacks
• The expansion of cloud services is increasingly attracting cyber criminals onto the scene
• The malware society will probably continue increasing the number of compromised websites with incorporated malicious software
• Phishing remains attractive to the black economy. In particular, spear phishing could well increase
• Malware is being technically and visually matched to Windows 7
• Rootkits are becoming ever more complex
Contact Germany
G DATA Software AG
Königsallee 178b
D-44799 Bochum
Contact person:
Thorsten Urbanski
Phone: +49-234-9762-239
E-Mail: presse@gdata.de
