The combination of attack toolkits and plenty of vulnerabilities to exploit--Symantec reports more than 6,000 new ones in 2010--fueled the rise in Web attacks, while traditional propagation mechanisms, notably file transfer and email attachments, dropped 18 percent. There were 14 new zero-day vulnerabilities, primarily in widely used applications such as Internet Explorer, and Adobe Reader and Flash Player. Stuxnet alone used four of these vulnerabilities.
Malware writers churned out a startling 2.86 million unique variants in 2010 in an effort to overwhelm traditional anti-malware techniques, such as signature-based detection. Security vendors such as Symantec and others have responded with a wider range of detection technologies, notably Web site and, more recently, file reputation. Symantec says that the widely distributed toolkits helped criminals inflate malware totals.
Mobile device vulnerabilities were up, but the numbers were still small, rising from 115 in 2009 to 163 in 2010. Moreover, there's is no sign that criminals are about to start exploiting smartphones, tablets, etc. in any significant numbers. The large majority of mobile devices are still "dumb" cellphones, Fossi observes, and criminals are making a lot of money exploiting desktop and laptop computers. He believes that criminals will turn their attention to mobile devices when the money is there.
"The real turning point will be the number of financial transactions that people do on these devices," he says. "When people start using them more regularly to purchase online or do their banking, that's what's going to attract more attention.
See more on this topic by subscribing to Network Computing Pro Reports Security: Wicked Innovation (subscription required).
