Social media continue to attract criminals

F-Secure today released its Third Quarter 2009 Security Threat Summary. One of the notable trends during the quarter was a shift to leaner and more secure operating systems. Broadband Internet access continues to increase, but computing resources have not kept pace with software demands. As a result, lighter software and optimized performance have become a focus for the software industry.

More secure browsing

During the third quarter, Firefox introduced its new private browsing feature, and released Firefox 3.5.3, which introduced a notification feature for outdated versions of Adobe Flash Player in an effort to reduce security vulnerabilities often created when users don’t keep this software up to date.

Search engine competition is good for security

On the search engine front, Microsoft and Yahoo! agreed to replace Yahoo!’s search engine with Bing. Microsoft hopes to compete with Google by offering unique features in Bing, such as adult content filtering. Safe search results are now an important feature for consumers. The deaths of Michael Jackson, Farrah Fawcett and Patrick Swayze were quickly exploited by criminals through search engine optimization attacks, which often pointed people to rogue antivirus products. The H1N1 flu has also been used as an emotional “hook” to lead Internet users to scam sites.

Social media and networks under attack

As Facebook reached 300 million accounts in September, social media and social networks have continued to attract criminal and political interest. Personal networking connections offer trusted authentication, which criminals abuse by compromising user accounts and linking to malicious sites. F-Secure reminds Internet users about the importance of strong passwords, and that Facebook passwords should be different than passwords associated with the e-mails used to log into Facebook.

In August, news emerged that Twitter was used to direct botnets. Twitter accounts are also being used to push rogue AV products.

Politically motivated DDoS attacks

Also in August, a Georgian blogger’s Twitter, Facebook, LiveJournal, Google Blogger and YouTube accounts were jammed by a politically motivated DDoS attack. In another coordinated DDoS attack during Malaysia’s National Day on August 31st, hackers targeted a Malaysian-based web host and defaced more than 100 websites, including those belonging to Malaysia’s national institutes, universities, media and businesses.

Mobile threats make a comeback

In the world of mobile phone security, this quarter witnessed the re-emergence of the SMS worm, Yxe (also known as Sexy View) – this time in the form of Sexy Space, which behaves much like its predecessor. The new variant, Yxe.D, is again Symbian-Signed, but with a certificate from a different company in China than the earlier version.

The old “missed call scam” is also making a comeback. The scam involves a call from an unknown international number, which is immediately dropped when answered. When the curious person calls the number back, she hears a busy tone audio file, when in fact the call is being charged at a premium rate. F-Secure recommends a Google or WhoCallsMe search on unusual numbers before returning unknown calls to avoid nasty surprises in the phone bill.