Kaspersky Lab Issues 2010 Cyberthreat Forecast

Hong Kong – December 30, 2009 – Kaspersky Lab, a leading developer of secure content management solutions, outlines the threats we can expect to see in 2010 as a result of cybercriminal activity.

In 2008, the company’s analysts forecast a rise in the number of global epidemics. Unfortunately, that forecast proved to be accurate: 2009 was dominated by sophisticated malicious programs with rootkit functionality, the Kido worm (also known as Conficker), web attacks and botnets, SMS fraud and attacks on social networks. So what can we expect from 2010?

According to the company’s experts, in the coming year we will see a shift in the types of attacks on users: from attacks via websites and applications towards attacks originating from file sharing networks. Already in 2009 a series of mass malware epidemics have been “supported” by malicious files that are spread via torrent portals. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.

Cybercriminals will continue to compete for traffic. The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. Today, it is mostly black-market services that compete to make use of botnet traffic. In the future, however, we foresee the emergence of more “grey” schemes in the botnet services market. So-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing DoS attacks or distributing malware without committing an explicit crime.

The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake antivirus programs in 2010. The latter first made an appearance in 2007 and 2009 saw a peak in their activity and involvement in a number of major epidemics. The Kido worm, for example, installed a rogue antivirus program on infected computers. The fake antivirus market has now been saturated and the profits for cybercriminals have fallen. Moreover, this kind of activity is closely monitored by both IT security companies and law enforcement agencies. This makes it increasingly difficult to create and distribute fake antivirus programs.

“Malware will become much more sophisticated in 2010 and many antivirus programs will be slow to treat infected computers due to advanced file infection methods and rootkit technologies,” says Alex Gostev, Director of Kaspersky Lab’s Global Research & Analysis Team. “IT security companies will respond by developing even more complex protection tools. However, the malicious programs capable of bypassing these measures will remain more or less immune to antivirus programs for some time.”

When it comes to attacks on web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware. The planned launch of the network-based Chrome OS is a noteworthy event, but the experts at Kaspersky Lab do not anticipate much interest in this platform from cybercriminals.

However, 2010 promises to be a difficult time for iPhone and Android. The first malicious programs for these mobile platforms appeared in 2009, which is a sure sign that they have aroused the interest of cybercriminals. The only iPhone users at risk are those with compromised devices, but the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS in China combined with a lack of effective checks to ensure third-party software applications are secure will lead to a number of high profile malware outbreaks.

The detection of new vulnerabilities will remain the major cause of epidemics. These vulnerabilities will be detected in both software developed by third parties (such as Adobe, Apple, etc.) and in Windows 7, the new operating system that has just entered the market. If no serious vulnerabilities are detected, 2010 may well prove to be one of the quietest years for some time.