Status: Mostly on track
Reasoning: Rogue security software is still one of the biggest issues facing the security industry and consumers alike, but we have not yet seen peddlers of such nefarious applications go so far as to make ransom requests to free locked-down computers a regular practice. That does not mean, however, that we have not seen the bad guys expand their repertoire. For example, Symantec recently investigated a company, Online PC Doctors, which is cold calling computer users with a live telephone agent in an attempt to persuade them that their computer is infected.
Once the agent has convinced a user that their computer is infected, he or she offers to remotely connect to the machine to take a closer look. Naturally, the agent reports finding a severe malware infection, whether there is one or not. No fear, however, as the agent explains that Online PC Doctors can fix the problems, for a fee of course. All the user has to do is send an email to Online PC Doctors with all the pertinent payment information, including full credit card details.
Social Networking Third-Party Applications Will be the Target of Fraud
With the popularity of social networking sites poised for another year of unprecedented growth, expect fraud leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users' social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.
Status: Mostly on track
Reasoning: This is difficult to track directly, but anecdotal feedback and analysis of URLs from Symantec Hosted Services Web Security Service both suggest that social networking sites are triggering more blocks in 2010 for malicious content than they did in 2009. On average in 2009, one in 451 Web Security Service blocks related to a social networking site. However, in 2010 this number rose to one in just 301.
There are also many recent anecdotal reports of rogue applications being created for a variety of purposes, some to spread malware, others for financial fraud or taking advantage of users to send spam. For example, an app was recently discovered to be part of an IQ testing scam that aimed to covertly sign users up for a premium mobile service that costs $10 per month.
As further validation that this trend is indeed developing, Facebook recently updated their application authorization system in an effort to reduce the number of these scams and misleading applications being propagated via their network. Now a user is informed when an application seeks permission to access the user's basic information or to post on their wall.