download issue 24 here - Help Net Security
download issue 24 here - Help Net Security
download issue 24 here - Help Net Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Spam and phishing scams will follow all new<br />
popular applications because the bigger the<br />
target pool is, the bigger the chance of succeeding<br />
will be. New applications will bring<br />
more unwanted content and offer more space<br />
for criminals to maneuver in and spread malware,<br />
and new, improved Koobface modules<br />
to target them.<br />
Old applications, new threats<br />
New features will be exploited. Koobface will<br />
evolve - encrypted or obfuscated configura-<br />
tion files and improved communications infrastructure<br />
(possibly peer-to-peer architecture).<br />
AV detection rates will start to matter because<br />
they will start targeting more experienced users<br />
- users who keep their software up-todate.<br />
Because of this they will probably start<br />
encrypting the packets to avoid detection and<br />
to make the analysis process harder. And, finally,<br />
technical exploits will be developed and<br />
used in addition to social engineering.<br />
Spam and phishing scams will follow all new popular applications because the bigger the target<br />
pool is, the bigger the chance of succeeding will be.<br />
New applications, new threats<br />
It is, of course, difficult to predict which new<br />
threats will rise from new, yet unknown applications<br />
because we can't possibly know what<br />
the features will be or what they will be designed<br />
to do.<br />
But, as more and more personal information<br />
becomes public on social networks, it will be<br />
used to execute targeted attacks. Advertisers<br />
are already using this information for targeted<br />
ads, so the potential for exploitation seems<br />
obvious.<br />
Another new aspect of these attacks will be<br />
automation - with the use of geographical IP<br />
location, automatic language translators that<br />
are becoming better and better, and information<br />
about personal interests and tastes that<br />
can be found and accessed on the Web.<br />
These attacks will be localized, contextualized<br />
and personalized.<br />
What can we do about it?<br />
Zeljka Zorz is a News Editor for <strong>Help</strong> <strong>Net</strong> <strong>Security</strong> and (IN)SECURE Magazine.<br />
We should use a fully featured Internet security<br />
solution, an up-to-date browser, and always<br />
the latest versions of software that has<br />
historically proved to be very vulnerable (e.g.<br />
Flash Player, Adobe Reader, etc.).<br />
We should also learn not to trust every message<br />
from contacts in the social networks we<br />
use, and don't assume that just because a<br />
website is high-profile and has a good reputation,<br />
it is in<strong>here</strong>ntly safe.<br />
In the end - we should learn and teach. Educate<br />
ourselves and others about potential<br />
threats.<br />
www.insecuremag.com 36