6. Spam

Spammers took a body blow during 2009 when the notorious McColo Internet Service Provider was kicked off-line.  The volume of spam plummeted from around 80 percent of all e-mail to 20 percent.  Temporarily.  By year’s end, nine out of 10 e-mails were spam, and the number keeps climbing.

“Can it get to 95 percent?,” Lee asked, rhetorically. “It never ceases to amaze me how much we put up with this.”

7. Finally, Apple gets respect – from cybercriminals

For years, the worst-kept secret in the computer security world was the safety of using Macintosh computers. It seemed that criminals didn’t bother trying to attack Macs. This was no political statement, however. It was merely pragmatism: Apple products were a small target. But with the uptick in Mac market share, the increasingly popularity of Apple’s Safari Web browser and the ubiquity of the iPhone, expect criminals to target Steve Jobs’ products, says Leonard.  Already, he says, there have been a handful of iPhone attacks.

“Malware authors know where people are going,” he said. “It’s more worthwhile for them to go after these platforms.”

8. Cell phones

Speaking of iPhones, 2010 might be the year that we see a significant attack against cell phone or smart phone users. Such an attack has been predicted for years, and has not yet materialized.  But each year, cell phones become more powerful, contain more personal information and are used for more financial transactions. In other words, they become “juicier targets” for criminals, says Lee.  An obvious attack — like something that wipes out phone books — might not be the breakthrough cell phone virus.  Lee says consumers should be on the lookout for a simple automated way to use mobile phones to steal cash. One possibility: some TV shows urge consumers to send text messages at $1 apiece. What happens when a criminal figures out how to redirect such messages, or initiate them?

9. SEO poisoning

You have probably noticed that companies can “game” Google and other search engines, puffing up their search engine results using a series of tricks such as creating fake pages that link heavily to each other.  Annoying, but relatively harmless.  Unfortunately, bad guys have perfected this method and use it to mercilessly attack information seekers every time a large news event occurs. Perhaps hundreds of thousands of users were infected after the death of Michael Jackson through this technique — getting a booby-trapped Web page to rank 5th or 6th on a Google “Michael Jackson” search, even for just a few minutes, is probably the most effective malicious program attack used today.

“We see this sort of attack daily and especially when a signature event occurs, like Michael Jackson’s death,” said Leonard. Expect much more next year.  When the next big news hits — however self-serving this may sound — stick with news Web sites you trust.

10. WINDOWS 7

Naturally, as the year progresses, criminals will set their sights on the increasing install base of Windows 7.  Microsoft has continued to improve security and delivery of updates to its flagship operating system.  But there will be problems, no doubt. And then there’s this troubling notion: Eight out of 10 existing Windows viruses will run on Windows 7, says Leonard.  Impressive forward-compatibility from the bad guys. For consumers, it means there’s no time to be complacent.

11. URL shorteners

Services like bit.ly make sending links through Twitter and e-mail infinitely easier. Unfortunately, it also means criminals can turn obvious troublesome URLs, like https://RomanianDarkLords.Ro/$$$eBay.com into friendly-sounding links like http://bit.ly/5uuWwo.

That makes life easier for criminals, and harder for you, as it takes away one possible hint that a link is trouble.

Websense recently partnered with Bit.ly to help make the process safer. But you should stick with the old rule: Never click on a link you didn’t expect, and always manually type URLs into your browser’s address bar.

12. Gumblar

Last but not least, Landesman says the most troublesome development of 2009 could be the breakout security problem of 2010. The so-called Gumblar worm used an advanced technique to build a new kind of botnet. Rather than target thousands of home computers, Gumblar attacked Web hosts (Web sites) and turned them into “carriers.”  The program managed to download a Web site’s code, inject a hidden malicious program, then reload the now booby-trapped site.

Because Web sites act as a kind of hub online, they have the potential to spread a serious attack much more quickly. And 10,000 compromised Web sites are much harder to shut down than 10,000 compromised home computers, Landesman said.

Worse yet, a seriously successful Gumblar-style attack could undermine Web users’ trust in the Internet. Sites that are one day safe and trustworthy may the next day be dangerous. That would severely hamper security systems that are based on “trusted” sites.

“When you have compromised sites acting as the host itself, the notion of good vs. bad is completely gone,” Landesman said.  “Users will find that fewer and fewer sites that they can trust whatever trust they do have could be very fleeting.”

Already, Gumblar-infected sites have transmitted code to visiting PCs that redirected all Google searches to pay-per-click Web sites, netting a tidy sum for creators.

Gumblar was declared a bigger problem than Conficker in May by Scansafe, and even though its network of compromised Web sites was eventually tamed during the year, Landesman is convinced that the technique will see many copycats.

“It’s one of the attacks we are assured of seeing in large quantities in 2010,” she said.

——————

This post was first posted on http://redtape.msnbc.com dated 22/12/2009 by Bob Sullivan.