Regardless of if a threat uses fast flux or other similar techniques, if the geographical location of a threat cannot be pinpointed, it becomes much more difficult to stop the attack stream. Thus, it is easy to see why these methods are all the rage among cybercriminals, and why we think they will continue to grow in popularity.
URL Shortening Services Become the Phishers Best Friend Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage shortened URLs to carry out their own evil deeds.
Status: On track
Reasoning: As predicted, spammers use of URLs from link shortening services has become increasingly popular. At its peak in July 2009, 9.3 percent of spam included some form of shortened hyperlink provided by one of the many free online shortening services; this is equivalent to more than 10 billion spam emails each day worldwide. In April of 2010, however, this peak figure nearly doubled to 18.0 percent of spam, the current historical peak.
Not only are phishers and malware authors using shortened URLs to set traps for unsuspecting computer users, but we have seen shortened URLs used as a means to spark life into some older threats. As already mentioned, in late April and early May 2010, Symantec observed the Storm botnet reappear in the wild. Most of the spam messages sent from the new Storm, which peaked at around 1.4 percent of all spam on May 8, 2010 contained links to online pharmacy sites. The majority of these links were in the form of shortened URLs.
Mac and Mobile Malware Will Increase The number of attacks designed to exploit a certain operating system or platform is directly related to that platforms market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.
Status: Still possible
Reasoning: We have seen a few new pieces of malware for Mac OS X, but so far, nothing earth-shattering; though we may never see earth-shattering, especially as we enter the post-PC era. iOS devices, such as the iPad, iPhone and iPod Touch, continue to be mostly secure from a client perspective. However, we did see the App Store sell several applications that exhibited malicious behavior, though Apple insists only 400 users were impacted. So, the platform did get attacked, just not in the way most anticipated.
Sign up for Computerworld eNewsletters.