Status: Still possible
Reasoning: We havent seen a widespread outbreak of specialized malware, but we have seen glimpses of activity that lead us to believe we could still see this trend develop. For example, in late 2009 after we published our originals predictions, the The Gouverneur Times in New York reported that computerized voting machines used by many voters in Hamilton County, New York were found to be infected with a computer virus aimed at tainting the voting results. In addition, the previously mentioned Stuxnet threat, discovered in July 2010, was specifically designed to steal SCADA related documents, including industrial automation layout design and control files.
As a side note in relation to our original prediction, in April 2010 Rodney Reed Caverly was charged with computer fraud for allegedly creating malware that infected bank computers and ATMs. The use of inside knowledge of the computer systems and cash machines enabled him to carry out the crime and steal an estimated $200,000 or more before being caught.
CAPTCHA Technology Will Improve As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology. Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.
Status: On track
Reasoning: In late April 2010, The New York Times reported spammers are paying workers in developing countries to physically enter in CAPTCHA codes to manually generate new accounts for spamming. According to the report, the going rate for the work ranges from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAS. So, we were admittedly a bit off in terms of how much individuals would be getting paid to do this workthe situation is worse than we assumed it would bebut in terms of the overall trend, we were unfortunately dead on.
Instant Messaging Spam As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid 2009, that level was one in 78 hyperlinks.
Sign up for Computerworld eNewsletters.