Malware: Looking Back and Looking Ahead
A look at the biggest threats of 2010 and what to watch out for this year
Jan 2011
by Robin Wark
In 2010, ParetoLogic Spyware Analysis Team (SWAT) leader Jerome Segura encountered variants of two malware families over and over: Zeus and SpyEye.
Although first identified in 2007, the password stealing Trojan horse that is Zeus continued to gallop in 2010. The malware is known by many variants and monikers, including Zbot, Kneber and Gorhax. Zeus and its variants generally try to find a way onto your machine via a drive-by download or a phishing scam.
"Each infected computer is part of the Zeus botnet (network of compromised computers), whose size is estimated at several millions in the US alone," Segura said.
In October, the U.S. FBI said it had uncovered a major crime network that used Zeus to hack into American computers and steal about $70 million. In July of last year Trusteer, a security firm, reported that credit cards from 15 U.S. banks had been compromised by the malicious software.
Similar malware – known as SpyEye – became more prevalent online in 2010. SpyEye was designed to steal private data, including credit card and banking credentials.
It was first noticed on Russian hacking forums in December of 2009, Segura said. The author called it the "Zeus killer" and there were reports that it removed the rival malware before installing itself. In late 2010, there were reports that developers had merged the coding of Zeus and SpyEye to create a hybrid.
Other 2010 threats
While Stuxnet was not a major threat to average users, this computer worm grabbed headlines in 2010 because of its relation to nuclear power plants and Iran, Segura said. Once it was on a network computer, Stuxnet attempted to infect other machines and gain privileges. It tried to gain control of a particular model of the Programmable Logic Controller (PLC). This industrial control system runs automated processes, usually in such settings as oil refineries, pipelines and even nuclear power plants.
"This threat targets nuclear power plants in order to control and possibly override their computer systems," Segura said. "Much speculation and debate has gone on about how Iran was the main target."
On the social networking side of things, the Koobface computer worm was still wiggling around. An Information Warfare Monitor study reported that the operators of it raked in more than $2 million in revenue between June of 2009 and June 2010. The worm spread via false links on social networking sites such as Facebook, Twitter, MySpace and Bebo.
What to expect in 2011
With mobile phones being used more and more for accessing the Internet, Segura predicts attacks on Android, Blackberry and iPhone users will only grow.
"This will happen with malware bundled with free apps, or jailbreaking programs, as well as exploits targeting the mobile operating systems and various plug-ins they're using (i.e. PDF renderers)," the Malware Diaries blog author said.
While many threats in the past have focused on getting money, Segura and other security researchers believe that in 2011 we will see more cases of hacktivism. The term is a combination of hacking and activism. A major example is when the websites of Visa and Mastercard were attacked in December of 2010 after the companies decided not to process payments made to the Wikileaks website.
"There will be alliances with the bad guys running botnets and 'governments' or parties that desire to launch an attack against another country or competitor," Segura said.
One thing that won't change, the ParetoLogic security researcher predicts, is phishing scams. In these attacks, criminals try to use social engineering techniques to prompt you to provide them with confidential information, such as your banking or credit card numbers. Often these scams come in the form of email messages that purport to be from a trusted source, such as a bank or the IRS. As long as they keep working, criminals will continue to utilize them.
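The phishing pattern described above (a message that claims to come from a trusted source) leaves traces that can be checked mechanically. The following is an added example, not code from the article or from ParetoLogic: it parses a raw e-mail and flags three classic indicators, a display name that claims a trusted brand while the sender address is on another domain, a link whose visible text shows one host while its href goes to another, and a link that leads to a bare IP address. The two sample messages, the brand table and the domain names are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands the recipient treats as trusted senders, keyed by the display-name
# text a phisher would imitate (constructed for this example).
TRUSTED_BRANDS = {"example bank": "example-bank.com"}

LINK_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample messages: one imitating a bank, one genuinely from it.
PHISH_SAMPLE = """From: "Example Bank Security" <alerts@example-bank-login.net>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your account is locked. Sign in now:
<a href="http://203.0.113.7/verify">https://www.example-bank.com/login</a></p>
"""

LEGIT_SAMPLE = """From: "Example Bank" <alerts@example-bank.com>
To: customer@example.org
Subject: Your statement is ready
Content-Type: text/html

<p>View it at <a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p>
"""


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url.strip()).hostname or "").lower()


def _same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw_message, brands=TRUSTED_BRANDS):
    """Return a list of indicator strings for one RFC 822 message.

    An empty list means none of these checks fired; it is not proof the
    message is safe, only that it lacks these particular tell-tales.
    """
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []

    # 1. Display name claims a trusted brand, but the address is elsewhere.
    for brand, domain in brands.items():
        if brand in display.lower() and not _same_org(sender_domain, domain):
            findings.append(
                f"display name '{display}' but sender domain "
                f"'{sender_domain}' is not {domain}"
            )

    # Collect the text/html and text/plain bodies (handles multipart too).
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            body += part.get_payload(decode=True).decode("utf-8", errors="replace")

    # 2. Visible link text shows one host while the href goes to another.
    # 3. The href leads to a bare IP address rather than a hostname.
    for href, text in LINK_RE.findall(body):
        href_host = _host(href)
        shown_text = re.sub(r"<[^>]+>", "", text).strip()
        if shown_text.lower().startswith(("http://", "https://", "www.")):
            shown_url = shown_text if "://" in shown_text else "http://" + shown_text
            shown_host = _host(shown_url)
            if shown_host and shown_host != href_host:
                findings.append(
                    f"link text shows {shown_host} but href goes to {href_host}"
                )
        if IPV4_RE.match(href_host):
            findings.append(f"link points to bare IP address {href_host}")
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, phishing_indicators(sample) or "no indicators")
```

Run against the constructed samples, the imitation message yields three findings and the genuine one none. In practice these checks belong alongside, not instead of, sender authentication such as SPF and DKIM results, since a phisher who registers a look-alike domain and uses a plain, consistent link will pass all three.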
