Oslo, Norway – 28 December 2009 - December is the month to look back on the year that is coming to an end. The most significant observation from this year's malware activity is that social networks such as Twitter and Facebook have become a major target for authors of malicious programs.
Norman Internet Security Trends 2009
- Conficker - although this worm first appeared at the end of 2008, it was in 2009 that it caused the most problems for end users, and in particular for organizations. The worm was most active in the first part of 2009, but it is still active as this is written at the end of the year.
- W32/Virut is a family of highly polymorphic viruses. The viruses in the Virut family were active throughout the year, and new variants will most likely still be seen in the year to come.
- W32/Koobface is of interest primarily because it spreads through social networks like Facebook. It first appeared in 2008, but 2009 was the year it reached its peak.
- In the "good old days" of malicious programs, security organizations and users dealt with malware differently than they do now. The most common approach for a malware author was to create one malicious program and give it different techniques for propagation. Over the years this has changed, and the situation today is fundamentally different. Now, malware cocktails are the general trend: a single attack is composed of a whole range of different types of malicious programs, as well as the same types with varying functionality.
General tendencies and trends:
- The growth in malicious software. One indicator of the growth in malicious software over a period of time is the number of signatures for malicious programs in Norman's virus detection files. In 2007 more signatures were added than in all previous years combined. In 2008 more signatures were added than the total number that existed at the beginning of that year. In 2009 slightly fewer signatures were added than the total number at the beginning of the year. This seems to indicate that the growth has stabilized and is now closer to linear than to the exponential growth seen in the years before 2008. The total number of new signatures at this point in time is nevertheless mind-blowing compared to the number at the beginning of the decade.
- Legitimate software reported as malicious. Because the volume of malicious software has become so large, there is an additional risk that legitimate software is detected as malicious when it matches part of an antimalware vendor's signature files or other malware detection technology. This happened again this year, with security software from different vendors, including Norman. Unfortunately it will inevitably happen again. The most important challenge for security vendors is to avoid such incidents for critical system files and for critical, widely used applications. To accomplish this, vendors of security software invest heavily in equipment that enables thorough testing of malware detection files against all kinds of legitimate software before the signature files are published to the general customer base.
- More rogue computer programs. Computer programs that pretend to be what they are not have been around almost forever. The trend observed in 2008, with an increased flow of rogue computer programs masquerading as antivirus and antispyware applications, continued in 2009, and during 2009 it even multiplied. By the end of the year, rogue computer programs have grown into a substantial industry. The potential for economic profit for those involved is substantial, while the risk involved is minor.
- Using social networks for propagation of malware. Social networks like Facebook and Twitter have grown increasingly popular during the year. Not surprisingly, this has been matched by the use of social media as a spreading mechanism for malware. If one should pick one particular security issue as the most important in 2009, it is the use of social networks as targets for malware propagation and exploitation - usually by means of social engineering.
- Vulnerabilities in operating systems and applications are still exploited. Authors of malicious software continue to use vulnerabilities in operating systems and applications to propagate. Popular applications like widespread web browsers, Adobe's applications and much-used office suites were all affected by this. Not only were the most used applications from Microsoft targeted; several other vendors' popular software was affected as well.
In previous years the malware authors' focus was primarily on vulnerabilities in operating systems. Recently, however, this has changed, and much-used applications like the ones mentioned above are increasingly targeted. A particular challenge for users is that there is no standard for distributing updates and patches to applications, which means that a multitude of updating mechanisms must be used.
- Malware writers are very quick to make use of new vulnerabilities by creating exploit applications. One consequence of this is that software vendors have to try to react faster with security patches and other workarounds.
Malware writers are getting increasingly sophisticated in creating malware that exploits not just one, but several vulnerabilities - both patched and unpatched - in the same piece of malware. This has been made even easier now that a malicious person can purchase her own set of exploits on the Internet and use these in her malicious program. Creating a malicious program is now possible without any programming skills. One implication of this is that social engineering skills on the malware "designer's" part are becoming more crucial in order for a particular piece of malware to succeed among the multitude of others.
- Big media events are used as triggers for malware distribution. This is not a new or revolutionary observation. However, during 2009 we observed that this tendency increased. Authors of malware are more eager to launch malware using social engineering techniques that piggyback on major media events. Several examples of this were seen. The most prominent were probably those inspired by Michael Jackson's death and funeral.
- Malicious software exploiting new devices. This year two examples of this were observed: malware on cash machines (ATMs) and malware exploiting routers/DSL modems. Presumably this is only the tip of the iceberg. In the future, malware attacking devices that ordinary users have never viewed as vulnerable or dangerous may turn out to be exactly that.
- Awareness of threats to the Internet among top politicians. Finally, it is appropriate to mention that in the middle of the year, the role of the Internet as a critical part of modern societies' infrastructure was emphasized. US President Barack Obama focused on this in particular in a much-commented speech on 29 May.
Predictions for 2010:
- More and increasingly sophisticated exploitation of social networks.
- Rogue security software will continue to be popular.
- Malware cocktails will persist and become more flexible, and increasingly advanced rootkit technology will evolve.
- Automatic updates of malware will be more innovative.
For more information, please contact:
Audun Lødemel, VP Marketing and Business Development, +47 934 46 531, audun.lodemel@norman.com
