SAN FRANCSICO – Have you been SMiShed yet? SMiShing, a phishing attack delivered via text message (Short Message Service), is one of several new threats expected next year, according to annual threat prediction reports released by McAfee Avert Labs and competitor Websense.
The companies warned customers of increasingly sophisticated attacks hitting from all angles-including mobile phones, MySpace and PDAs. (Keep in mind that the two companies issuing warnings sell tech security software.)
There was some good news for early adopters of Vista, Microsoft’s new operating system: They’ll get several months protection from some threats-or at least until hackers can get up to speed. But, says Websense’s security research VP Dan Hubbard, “It’s not just about Windows anymore. More platforms are being targeted.”
Here are some of next year’s biggest and baddest threats:
Attacks will take to the road. So far, American cell phones have remained relatively virus-free. But smartphones, increasingly used to surf the web, send e-mail and download files, provide new opportunities for malware to sneak across devises. McAfee (nyse: MFE – news – people ) expects hackers will send phishing text messages, tricking recipients into inputting their personal information on fake Web sites. Also popular will be complex Trojan horse viruses that send text messages to premium numbers, making money by running up subscribers’ bills.
MySpace profiles will attack. Malware will proliferate on Web 2.0 applications like MySpace and YouTube. Security researchers have already spotted several pieces of malicious code in these programs that launch phishing sites or install spyware. Earlier this year, Websense discovered a number of MySpace pages containing videos that appear to be from YouTube. When viewers click on the video, they are directed to an outside site that installs adware from Zango. “You can connect to one user and infect hundreds of thousands of other users,” says Hubbard.
Inboxes will get a double serving of spam–thanks to the growth of image spammers who embed messages in image files. These messages look identical to normal spam–hawking lower mortgages and cheap pharmaceuticals–but sneak by many anti-spam programs. Standard e-mail filters scan only simple text, not pictures or photos. Over the past year image spam jumped from 2 percent of all spam to 30 percent, reports network security software company Secure Computing. It takes up five times more space than normal spam, estimates David Marcus, McAfee’s security research and communications manager, making it particularly harmful for ISP providers and e-mail servers.
Expect more sophisticated and stealthy attacks. Hackers will increasingly rely on sneaky, complicated software like rootkits, which cloak hacker’s manipulation of outside computers, and keyloggers, which record users’ every keystroke.
Companies will keep losing data. As corporations from Google to Bank of America allow customers to store more information online than ever, the danger of leaking data increases. The U.S. Federal Trade Commission estimates that approximately 10 million Americans fall victim to identity fraud each year. For cybercriminals, more data means a bigger paycheck.
