A recent report from MessageLabs (‘Now part of Symantec’ – in case you missed it) outlines that organisation’s predictions for the threat landscape in 2009.
Once you stumble through the Malware Makes It’s “Mash-up” paragraph (which I had to read three times before it made sense) it makes for thought-provoking reading. MessageLabs predicts that next year the bad guys are going to use personalised web-based accounts such as webmail or social networking profiles to send concise and more believable messages to targeted users. The messages will draw users into the scams slowly over a number of contacts rather than reveal themselves at the outset.
Users will also be targeted via their mobile phones, weaving an ever more elaborate and believable trap containing the victim’s online accounts, friends and their mobile services. And the initial attack vector could be a sophisticated and almost undetectable piece of malware hidden within a virtual machine running on their own computer, or for that matter any other machine into which they enter any personally identifiable information.
The guts of the article is that the criminals are getting cleverer, perhaps realising that the general public is also becoming wiser to the old scamming techniques. After all, who really ever falls for the old Nigerian scam? One answer to that question is here, but increasingly the crims are going to rely on the trust we have within our existing online networks. Users of the big three, Facebook, MySpace and Bebo, are learning this the hard way. Take a look at the comments on just about any Bebo account and you’ll see posts from users of the Bebo mobile service (identified by the logo next to the comment). Some are obviously phishing attempts but others are not so obvious.

What red-blooded teen user of Bebo wouldn't respond to this?
These messages are targeting the ‘MyFaceBo’ demographic. The language is there, lack of correct grammar and all, the content is about right, and the message is coming in using a mobile, which surely a scammer wouldn’t bother with, would they?
As we operate more and more in interconnected spaces we are all going to have to be more careful about who and what we trust, and as usual the youth market is experiencing the cutting edge of technological change.
2009 is looking like it is going to be an interesting year. Perhaps it will be the year security awareness training comes of age?