For security researchers, there’s never a dull moment; online criminals constantly find new security holes to exploit, and new ways to get at your personal data. At this year’s RSA security conference in San Francisco, we got to speak with representatives from several companies about what to expect in the coming months. Here are some of the dangerous new malware trends to watch for in 2012.
SSL Not So Safe? When you see the padlock icon in your browser’s toolbar, you might think that your data is safe, but hackers have found ways to get at your information before you send it securely on the internet.
These new forms of malware can identify when you’ve visited sites protected with SSL–the encryption technology used to keep data safe from prying eyes as it travels across the Internet–and it can grab your username and password before the encryption kicks in. In addition, these sorts of attacks, according to security software maker Webroot, will ignore all Web traffic except encrypted sites to filter out information that it isn’t interested in.
More Targeted Baddies: Also on the rise is super-targeted malware. Some malware can access your browser history, and will only infect you if it sees that you’ve visited certain sites. For instance, a piece of malware designed to steal online banking login information might check to see if you visited a particular bank’s website. Expect more malware that goes after certain groups of people or specific bits of information.
New Malware Harder to Spot and Remove: You may be infected with malware and not even realize it. While older malware used to make itself known on your PC, newer forms of malware may not even have an interface, and they may not seriously impact your PC’s performance. Instead, it all runs in the background, seemingly invisible to you.
This hard-to-spot malware can also be hard to remove. For example, a relatively new rootkit called ZeroAccess buries itself deep into your system, and it’s extremely difficult to disable, since it effectively kills any program that tries to access it (hence the name ZeroAccess).
Malware Holds Your PC for Ransom: Ransomware is nothing new–it’s been around for a few years in various forms, including fake antivirus software that won’t go away unless you pay up. But the guys at security software company Malwarebytes see it as a growing problem. The company pointed to one example where a piece of malware would lock you out of your computer entirely unless you pay up.
Of course, ransomware means you can get hit twice: If you pay to remove the infection, you will likely end up giving your credit card information to criminals who might go on to use your account fraudulently.
Old Problems Come Back: At the same time, look for some older types of malware to make a resurgence. Researchers with security company CheckPoint expect to see bots make a comeback in 2012. Meanwhile, Webroot expects to see an increase in dynamic, targeted threats similar in nature to the Storm worm from a few years ago.
What About Mobile Malware? One of the big stories out of last year’s show was the rise of malware for Android, and we saw a large increase–at least in terms of growth rate–in malicious apps for Android over the last few months of 2011. Is it time to panic?
Not so fast, says CheckPoint. According to the company, there has yet to be a massive malware outbreak on Android, despite the overall increase in mobile malware. That said, the company says that mobile malware is the “logical next step,” so while there’s no need to panic, you do need to keep your guard up.