Flash & Adobe Reader to be prime targets for hackers in 2010
McAfee is reporting that Adobe Reader and Flash are to be prime targets for criminal hackers in 2010.
This comes on the back of these reports:
http://www.theregister.co.uk/2009/12/22/mass_flash_file_vulnerability/ and http://websecurity.com.ua/3789/
My personal take on this is that yes, it could be used as a potential XSS but invariably it would have meant that the original 3rd party adserver had been compromised anyway… which is a much more serious issue, e.g.:
- OpenX Ad Server reported to be hacked [2009-12]
- Hackers hit OpenX ad server in Adobe attack [2009-12]
- eWeek Web Site Leads Users to Rogue Anti-Virus (AV) Application [2009-02]
- Details of hijacked 24/7 ad server emerge [2007-10]
- Hacked Ad Seen on MySpace Served Spyware to a Million [2006-07]
- Bofra exploit hits our ad serving supplier [2004-11]
Its full list of threat predictions includes:
McAfee Labs foresees an increase in threats related to social networking sites, banking security, and botnets, as well as attacks targeting users, businesses, and applications. However, in 2010 we expect to see an increase in the effectiveness of law enforcement to fight back against cybercrime.
- Social networking sites such as Facebook will face more sophisticated threats as the number of users grows.
- The explosion of applications on Facebook and other services will be an ideal vector for cybercriminals, who will take advantage of friends trusting friends to click links they might otherwise treat cautiously.
- HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users.
- Email attachments have delivered malware for years, yet the increasing number of attacks targeted at corporations, journalists, and individual users often fool them into downloading Trojans and other malware.
- Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot.
- Banking Trojans will become more clever, sometimes interrupting a legitimate transaction to make an unauthorized withdrawal.
- Botnets are the leading infrastructure for cybercriminals, used for actions from spamming to identity theft. Recent successes in shutting down botnets will force their controllers to switch to alternate, less vulnerable methods of command, including peer-to-peer setups.
PDF report here: http://mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf
Related Slashdot Article: http://it.slashdot.org/story/09/12/29/1435259/Adobe-Flash-To-Be-Top-Hacker-Target-In-2010?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Slashdot/slashdot+(Slashdot)
Another related article: http://www.itjungle.com/tfh/tfh010410-story09.html