Anti-malware firm M86 Security published a report today predicting that malware creators are going to target smartphones and get a lot smarter about creating viruses that are much tougher to detect.
The M86 Security Predictions 2011 report has a lot of scary stuff in it for ordinary computer users. It makes you want to toss out your smartphone and unplug your computer from the internet. Cybercriminals are targeting smartphones because they aren’t as well protected as computers with anti-malware software, said Bradley Anstis, vice president of technology for M86 Security, a security technology company in Orange, Calif. As an example, the recent Zeus virus was released on Nokia phones running the Symbian operating system. The malware was able to compromise online-banking apps which uses text messages to verify mobile transactions.
The Google Android operating system is particularly vulnerable to attack, since just about anyone can upload apps bearing malware to the Android Market. Those apps often trick users into giving them permission to do something to the user’s phone. One app, Movie Player, secretly sent text messages to a premium rate number, costing users several dollars per message. Companies that give out phones to their employees may find that those phones, once compromised, can be used to attack the corporation.
“This is just the beginning,” Anstis said. “The cybercriminals are going where the users are.”
If you don’t have anti-malware protection on your phone, now may be the time to get some.
The new year is likely to bring a host of other evils. Among the scariest is “malware as a service.” Just as legitimate enterprises have adopted software-as-a-service, some malware vendors are making it easier for cybercriminals to adopt hacking tools, such as botnet networks, which use the computing power of compromised computers to launch malware attacks, as a service. That trend isn’t brand new, but it is taking hold, Anstis said. Just as enterprises are tapping the cloud to improve security, malware vendors are using the cloud to undermine security.
Malware creators will also be able to better disguise their work using stolen digital certificates, which are used to authenticate web sites. With forged certificates, anti-virus software that trusts the certificates may be fooled, allowing malware to bypass typical barriers. The Stuxnet virus that attacked industrial control equipment was the first malware to employ this trick of using forged digital certificates. Spam campaigns will increasingly mimic legitimate mail from popular web sites.
M86 also believes that social network users will continue to be targeted by malware, mainly because the users tend to trust messages coming from their own friends. By warning about upcoming malware trends, M86 hopes to get enterprises and the tech community to start planning responses. M86 has more than 25,000 customers with 26 million users worldwide. The company has 350 employees.
[image credit: eHow]