
    Archive for December 9th, 2009





    Trend Micro released its annual threat report today.  This year, our annual report focuses on the future of the threat landscape.

    Virtualization, cloud computing, and a shifting Internet infrastructure will widen the scope of cybercrime.

    With the growing popularity of cloud computing and virtualization among companies, we fully expect cybercriminals to find new methods by which to increase their profit margins.

    Earlier in 2009, the industry witnessed the unfortunate Danger/Sidekick cloud-based server incident, which highlighted cloud computing risks that cybercriminals will likely attempt to abuse. Trend Micro experts believe that cybercriminals will either try and manipulate the connection to the cloud or attack the data center and cloud itself.

    The Internet infrastructure is changing, opening more opportunities for cybercrime.

    The “next-generation” protocol designed by the Internet Engineering Task Force, Internet Protocol v. 6 (IPv6), is still in the experimentation stages of replacing the current IPv4, now 20 years old. As users start to explore IPv6, so too will cybercriminals and we can expect to see proof-of-concept elements in IPv6 start to materialize in the upcoming year.

    Domain names are becoming more internationalized and the introduction of regional top-level domains (Russian, Chinese, and Arabic characters) will create new opportunities to launch age-old attacks through look-alike domains for phishing—using Cyrillic characters in place of similar-looking Latin characters. Trend Micro predicts this will lead to reputation problems and abuse that will challenge security companies.
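    A defender-side check for the look-alike domains described above, as an added example that is not from the Trend Micro report: it decodes internationalized labels and reports labels that mix scripts or that collapse to a watched Latin name. The `LOOKALIKES` table is a small constructed subset, and the watched name `scope` and the `.example` domains are constructed.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that resemble Latin letters.
# It is NOT the full Unicode confusables data; extend it for real use.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u0455": "s"}


def to_unicode(label):
    """Decode an 'xn--' A-label to Unicode; return other labels unchanged."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def review_domain(domain, watched):
    """Return findings for each label that mixes scripts or imitates a watched name."""
    findings = []
    for raw in domain.lower().rstrip(".").split("."):
        label = to_unicode(raw)
        used = scripts(label)
        # Replace known look-alike letters to get the Latin string a reader would see.
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in label)
        if len(used) > 1:
            findings.append((raw, "mixed-script", sorted(used)))
        if skeleton != label and skeleton in watched:
            findings.append((raw, "imitates", skeleton))
    return findings


if __name__ == "__main__":
    # Constructed samples: one Cyrillic letter inside a Latin label, an
    # all-Cyrillic label that reads as "scope", and the genuine Latin name.
    for name in ("sc\u043epe.example", "\u0455\u0441\u043e\u0440\u0435.example",
                 "scope.example"):
        print(name.encode("unicode_escape").decode(), review_domain(name, {"scope"}))
```

    The all-Cyrillic sample shows why a mixed-script test alone is not enough: that label uses a single script and is caught only by the look-alike comparison.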

    Social media and social networks will be used by cybercriminals to enter the users’ “circle of trust.”

    Social networks are also ripe venues for stealing personally identifiable information. The quality and quantity of data posted openly by many trusting users on their profile pages, combined with interaction clues, are more than enough for cybercriminals to stage identity thefts and targeted social engineering attacks. The situation will worsen in 2010, with high-profile personalities suffering from online impersonators or stolen bank accounts.

    Global outbreaks will become extinct, and localized, targeted attacks will grow.

    The threat landscape has shifted and we are no longer seeing global outbreaks like Slammer or CodeRed. Even the much-covered Conficker incident of 2008 and early 2009 was not a global outbreak by its true definition; rather it was a carefully orchestrated and architected attack. Moving forward, localized and targeted attacks are expected to grow in number and sophistication.

    Key forecasts for 2010 and beyond:

    • No global outbreaks, but localized and targeted attacks
    • It’s all about money so cybercrime will not go away
    • Windows 7 will have an impact since it is less secure than Vista in the default configuration
    • Risk mitigation is not as viable an option anymore—even with alternative browsers/operating systems
    • Malware is changing its shape—every few hours
    • Drive-by infections are the norm—one Web visit is enough to get infected
    • New attack vectors will arise for virtualized/cloud environments
    • Bots can’t be stopped anymore and will be around forever
    • Company/Social networks will continue to be shaken by data breaches

    For the full threat report, please visit: http://us.trendmicro.com/us/trendwatch/research-and-analysis/threat-reports/index.html.

     



    Trend Micro threat analysts come across a huge number of phishing cases that feature nearly identical domain names every day. In a Web reputation manual verification exercise, analysts found that three of the most popular phishing targets to date were Chase, the Internal Revenue Service (IRS), and, just recently, Web hosting sites.

    To launch such an attack, cybercriminals use the phishing URL format cpanel.{attacked_company}.{phishingdomain}/scripts/cpanel-ftp-confirmation.php.

    In this kind of attack, the phishing URL loads a page where users are asked to enter the following information:

    • FTP hostname/address
    • FTP login
    • Password

    Once the users enter the required information, they will receive a confirmation message. They will then be redirected to the legitimate Web hosting site to fool them into thinking that they have not just been phished. Little do they know that their sites have been compromised and may be used by cybercriminals to further their own malicious causes. And worse, if they use the same login credentials (username and password) for other sites (e.g., banking and email), they may have just fallen prey to identity theft.
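    One way to screen proxy or mail-gateway URLs for the format quoted above, as an added example that is not Trend Micro's detection logic: it flags hosts that begin with `cpanel.` and carry a watched hosting brand as a subdomain of some other domain, and separately flags the lure path. The brand `hosting-co`, its domain `hosting-co.example`, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Path component of the phishing URL format quoted in the post.
LURE_PATH = "/scripts/cpanel-ftp-confirmation.php"

# Constructed watch-list: brand label -> domains that brand really serves from.
BRANDS = {"hosting-co": {"hosting-co.example"}}

# Constructed sample URLs, e.g. as pulled from a proxy log.
SAMPLE_URLS = [
    "http://cpanel.hosting-co.lookalike.test/scripts/cpanel-ftp-confirmation.php",
    "https://cpanel.hosting-co.example/scripts/cpanel-ftp-confirmation.php",
    "cpanel.hosting-co.lookalike.test/login",
    "http://www.unrelated.example/index.html",
]


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_url(url, brands=BRANDS):
    """Return (verdict, signals); verdict is 'block', 'review' or None."""
    if "://" not in url:
        url = "http://" + url          # log fields often omit the scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    signals = []
    # cpanel.{attacked_company}.{phishingdomain}: the brand is only a subdomain
    # label, and the host does not sit under any domain the brand owns.
    if labels[0] == "cpanel":
        for brand, legit in brands.items():
            if brand in labels[1:-1] and not any(under(host, d) for d in legit):
                signals.append("brand-as-subdomain:" + brand)
    if parts.path.lower().rstrip("/") == LURE_PATH:
        signals.append("lure-path")
    spoofed = any(s.startswith("brand-as-subdomain") for s in signals)
    if spoofed and "lure-path" in signals:
        return "block", signals
    return ("review" if signals else None), signals


def scan(urls):
    """Return only the URLs that produced a verdict, with their signals."""
    return [(u,) + check_url(u) for u in urls if check_url(u)[0]]
```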


    Phishers who use this technique usually target .uk (United Kingdom) and .be (Belgium) domains.

    Trend Micro users are protected from this threat via the Smart Protection Network, which detects and consequently blocks user access to all related phishing URLs.

     



    In this month’s Patch Tuesday, Microsoft released six security advisories to address 12 vulnerabilities. Three of these security bulletins are deemed “critical” (MS09-071, MS09-074, MS09-072) while the rest are tagged as “important.”

    The recently reported, exploited vulnerability in Internet Explorer versions 6 and 7 has also been fixed in MS09-072. The vulnerability could grant an attacker user rights on the system and also allows malicious users to execute arbitrary code on it. Trend Micro detects the exploit as HTML_SHELLCOD.WT.

    Similarly, Adobe also released two security advisories to address recently discovered vulnerabilities in Flash Player and Illustrator. Accordingly, the vulnerability in Flash Player could give malicious users control of the system if successfully exploited.

    With the holiday season just around the corner, along with a truckload of holiday-related scams (fake e-cards, phishing attacks, etc.) and malware, users are strongly advised to apply these patches immediately and keep their systems up-to-date.

     


     

    © Copyright 2011 Trend Micro Inc. All rights reserved.