Google, Adobe May Be Prime Hacker Targets in 2010

By Mike Schuster  DEC 30, 2009 12:15 PM

Popularity begets malware, say analysts.


While this year may have seen its share of notable denial-of-service attacks against specific websites -- taking out AT&T (T), Google (G), Twitter, and Facebook -- analysts at McAfee and Kaspersky Lab Americas claim that 2010 will mark increased attacks against platforms like Adobe Flash (ADBE), the iPhone (AAPL), Android phones, and Google Wave.

McAfee's squad of antivirus renegades released a report noting that a growing number of hackers have taken advantage of the weak protection the Adobe platform provides. And given how common Flash and Adobe Reader is among computer users, it offers attackers a wider gamut of vulnerable machines than most. The report states, "Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked."

It's a convincing claim, given that it's already begun: Adobe had suffered through numerous attacks this year, possibly portending a rough road ahead in 2010. Twice this year, a flaw in its PDF viewer Adobe Reader allowed hackers to gain access to private information. And the prevalence of Adobe Flash turns any website into a direct conduit into a user's system and sensitive files.

For decades, the common conception is a product's popularity was directly proportionate to how often it lent itself toward malicious attacks. Supporting that theory is the overwhelming share of malware targeting Microsoft (MSFT) software -- a relatable situation for any Windows user who's ever run Ad-Aware -- compared to Mac and Linux platforms.

But correlation doesn't necessarily mean causation, as many Microsoft critics would suggest. Many would assert that hackers target Microsoft products specifically due to weak protection. However, that dissenting opinion will be put to the test if and when Microsoft falls from its perch and becomes a runner-up to a more popular platform.

Recently, another analyst has connected wide usage to malicious intent, but unlike McAfee, senior malware researcher Roel Schouwenberg of Kaspersky Lab Americas goes out on a limb and labels Google Wave -- an online app which has yet to emerge as a formidable competitor with well-defined function -- as cyber criminals' next top target.

"Attacks on this new Google service will no doubt follow the usual pattern," Schouwenberg predicts. "First, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware."

Aside from giving the predictable stages of malicious attacks, Schouwenberg may have overestimated the reach Google Wave will hit or has assumed constant Gmail phishing attacks would slowly bleed over to Google Wave. Either way, until the Wave finds popularity -- or a distinct and viable use, for that matter -- it's probably safe.

Schouwenberg also names iPhone and Android phones as top candidates for 2010 attacks, citing the widespread use of the Apple device and the exploding number of smartphones running the Android OS.

But at a time when the device has never been more popular, Schouwenberg fails to note the utter lack of attacks the iPhone has already contended with -- the most notable was relatively harmless and effective only on a fraction of jailbroken phones. And while Android phones do allow unverified third-party applications, it's far more uncommon for a user to browse for add-ons outside the official Android Market.

So while there's credence to the notion that popular software is hit by more attacks than its lesser competitors, the ones on top aren't always fending off digital slings and arrows.

Still, your best bet for 2010: Complex passwords, freeware virus protection, and a trained wariness of banner ads and shortened URLs.
No positions in stocks mentioned.