MessageLabs, a firm that studies patterns in various types of cybercrime, has announced a series of predictions for computer security trends in 2007. These include a significant rise in the number of worms targeting Apple’s Mac OS X, and the emergence of VoIP threats as adoption of the technology increases and criminals target application vulnerabilities.
Paul Wood, MessageLabs senior analyst, said the increase in worms targeting OS X is simply a reflection of it becoming a more popular operating system.
“It’s just by the very nature of the operating system itself becoming much more common,” Wood said. “There are a lot more researchers now looking at OS X and finding vulnerabilities and publishing those without actually going to Apple and saying, ‘We found these bugs.’”
Meanwhile, OS X is looking increasingly viable for cybercriminals.
“Criminals are not going to shift away from targeting Windows as long as it remains such a widely accessible desktop, but there’s certainly nothing stopping them from looking at other alternatives as well,” Wood said.
As for VoIP threats expected to emerge, Wood said there are two sides to this potential problem. The first is VoIP being used by cybercriminals to conduct phishing attacks by telephone.
“VOIP can be configured to spoof the caller ID number, so (cybercriminals) can make calls pretending to be somebody from, say, their bank, where (the target) might recognize the number on the caller ID and then try and conduct kind of a social engineering attack on that person,” Wood said. “It’s very difficult for people who receive those sorts of calls at home to know whether that really is their bank calling them because, quite often, their bank will say, ‘Well, I need to know that you are the person I am calling — can you confirm your mother’s maiden name?’ or something like that.”
Cybercriminals might merely duplicate this same routine in order to obtain sensitive information, which could make it difficult for actual banks to authenticate themselves over the telephone. This would be similar to how phishing has made it difficult for banks to send genuine e-mails to their customers.
The second potential threat to VoIP is that it might present another way to open computers to various types of malware.
“If you’re running VoIP software, then that’s essentially software that’s running on your PC and is vulnerable in the way that any other application is vulnerable,” Wood said. “So, there’s a way of constructing a malicious call, which when you receive the call, it crashes the application in such a way that it will execute code.”
The code then sends the computer to a URL that downloads malware.