Dec29

2010 in Review: 2010′s Most Dangerous List 5:00 am (UTC-7)   |    by Martin Roesler (Director for Threat Research)

Tweet

As 2010 comes to a close, here’s a list of the riskiest items we encountered in the past year:

• Hardware: The riskiest hardware device used in 2010 was the German identification card reader. These cards contain encoded private information such as fingerprints. Unfortunately, the information on them can be quite easily stolen by using certain card readers.
• Website software: The riskiest software used by websites in 2010 was the popular blogging platform WordPress. Tens of thousands of unpatched WordPress blogs were used by cybercriminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes.
• IP: The most dangerous IP used in 2010 was Internet Relay Chat (IRC). Thirty percent of all botnets used IRC to communicate with infected machines and their command-and-control (C&C) servers. Fortunately, blocking IRC use in networks reliably stops botnets.
• OS: The riskiest OS used was Apple’s Mac OS X. In November, Apple sent users a massive maintenance release that weighed in at at least 644.48MB. The weighty upgrade included fixes for multiple security vulnerabilities since the previous update released in mid-June. Apple’s penchant for secrecy and longer patch cycles also increased the risk for users.
• Website: The most dangerous website in the world was Google. Its tremendous popularity led cybercriminals to target it specifically for blackhat SEO-related schemes, which in turn, led users to significant malware threats, particularly FAKEAV. In addition, Google’s ad network was also frequently victimized by malvertisements.
• Social network: In another case wherein popularity led to danger, Facebook could be considered the most dangerous social networking site around. Everything from survey scams to KOOBFACE malware proliferation ensued on the site, as cybercriminals went where the people were, that is, Facebook.
• Top-level domain: The most dangerous top-level domain in the world was CO.CC, which allowed cybercriminals to register thousands of domains on the fly with very little in the way of verification. This, along with Russian ISPs that routinely refused to shut down malicious sites, made for a very dangerous combination.
• File format: PDF was the riskiest file format in 2010, as Adobe Acrobat and Reader vulnerabilities routinely became part of exploit toolkits.
• Runtime environment: The most dangerous runtime environment for users in 2010 was Internet Explorer (IE) with scripting enabled. Even today, most browser exploits specifically target IE. However, Java is quickly becoming a more prominent target and could become the prime target in 2011.
• Infection channel: The most common infection channel was still the browser, as more than two-thirds of all infections used this as infection vector. Previous infection methods like flash disks and spammed messages were still around but were less prominent than before.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!

Share this article

This entry was posted on Wednesday, December 29th, 2010 at 5:00 am and is filed under News, Security . Both comments and pings are currently closed.

55 Responses to “2010 in Review: 2010′s Most Dangerous List”

1. TreX Says:
   January 4th, 2011 at 4:22 am

   The worst malware is called Microsoft, and includes Windows, Internet Explorer, Outlook, etc.

   Windows has almost 85,000 viruses reported and growing each day.

   Mac has virtually no viruses, besides the concept ones, which do not exist in the wild.

   It is typical for a Windows user to have to reformat the hard disk every year or so to get rid of malware. And that is a real pain, since it means re-installing every application from scratch.

   Mac users do not have to worry about all that. It just works!

   Get the facts!

2. Eric Says:
   January 4th, 2011 at 12:55 pm

   While I appreciate the risk list, I question its accuracy. You list WordPress as the "riskiest website software" because people were running unpatched, insecure versions. That would be like listing Schlage as the riskiest door locks because people's houses were broken into when they left their doors unlocked.

   There's a significant difference between software that's risky by nature, and software that becomes risky when the user fails to maintain it.

3. Anon Says:
   January 4th, 2011 at 3:06 pm

   This is nothing but poorly filtered data not taking into account the user levels and popularity of the systems being used.

   I'm really surprised that you've fallen foul of one of the most basic aspects of mining and filtering statistical data.
   Google might be the most dangerous search engine, simply because it has such a large share of the market.
   It's like suggesting driving is more dangerous than parachuting simply because more people do it!

   Shame on you for being so ridiculous.

4. DWalla Says:
   January 4th, 2011 at 7:40 pm

   Must……. sell…….. software……..

   Must……. create…… fear…….

   Mac users….. aren't you afraid?….. let us soothe your fears for $49.95

5. Michael Ch'ng Says:
   January 5th, 2011 at 12:52 am

   However your blog is using wordpress as well… Is that is failed action ?

6. Richard Says:
   January 5th, 2011 at 4:06 am

   Topping the list of "2010's Most Dangerous List" should be uneducated and ignorant computer users.

7. michel v Says:
   January 6th, 2011 at 6:45 am

   Let's stop spam by blocking SMTP on our networks too, while we're at it.

   Serious business.

8. Rob Says:
   January 6th, 2011 at 8:26 pm

   Actually Michael, that's not a bad idea. I routinely block all smtp traffic leaving my network that doesn't originate from my mail server. I get complaints that user's POP accounts don't work, but my IPs don't get blacklisted when the user's hit with a spambot!

9. Rob Says:
   January 6th, 2011 at 8:34 pm

   Secondly, have you ever tried to diagnose a malware infected Mac? For everyone who thinks there isn't any, wake up. I have now cleaned 2 Macs after being ridden with viruses. I have also had to format 1 of these same macs because a hacker had compromised the system, and was attempting to pull cookie data from safari. Macs users without antivirus software can also send virus ridden messages to windows machines unwittingly. (Admittingly not as common now as it used to be.)

   In any case, it's time that Apple started paying attention and patching their systems on a more regular basis, and for users to get off the holier-than-thou mentality. I'm not saying there's not 14million more viruses for windows, but the Mac has never been a super-secure system. It's simply been to small to bother targeting. As that changes, we'll continue to see more attacks and compromises of Apple systems. So TreX…

   "Get the facts!!"

10. Afgan Says:
    January 6th, 2011 at 9:32 pm

    Trex what a ham you are to think Mac is safe and windows is not i have run windows and mac and 1. have not had to format my hdd in the windows machine every year as i dont visit hack sites or software piracy sites or facebook i dont get infected. thus use the machine with a good virus software and you wont be virused.
    2. my mac has had exploits and have had to reinstall the OS… no virus software there is there.
    dont "fact" us unless you know the facts.

11. Michel Vasic Says:
    January 7th, 2011 at 10:58 pm

    Hum. Not sure you remember how risk is evaluated.

    Risk = impact x probability.

    Probabilities is usually linked to the popularity of a platform more than to the number of vulnerabilities of that platform. Have 1 "zero-day vulnerability" on Windows/IE and it will be used immediately by exploits. Have 10 on Mac OS, no exploit will appear.
    So applying the formula fairly will certainly rate Microsoft Windows higher than Apple’s Mac OS X in terms of risky platform.

12. Denise Says:
    January 10th, 2011 at 7:53 pm

    Use a good browser, use tools to prevent unwanted scripts from running, use a good anti-virus program and keep it updated, and don't click on every link you see just because it "looks" interesting. Don't download any program unless you get it from the publisher, and you check out the reviews for said publisher.

13. Alleged_Accomplice Says:
    January 11th, 2011 at 8:58 am

    Anything is dangerous in the wrong hands. When I first got a computer in 98 I could be had for any price. Now I know I can get anything I want without the hassles, viruses, trojans and everything else I used to go through just to get something I wanted online. Knowing where to look and not look, paying attention to the warning given off by my browser and my anti virus. I had back then ignored warnings at times and paid the price.

    I've been thinking lately that maybe teaching new users how to get to the things they want in a safe way would be a good idea. These things aren't always legal like stolen content or all that good, porn. As it is they go through the same cycle I did and infect themselves and others in the process until they learn where to get what they are after without getting something they aren't after.

    The biggest name anti virus software isn't the best for many users. They are well known and hackers have learned to beat them. They are made for complete idiots to use, they don't take into account the fact that some idiots are incomplete, have many missing parts like I used to.

    Facebook I won't go into except to say its all about becoming famous for absolutely nothing and people will never stop wanting that.

14. Alan G Says:
    January 14th, 2011 at 11:02 pm

    @TreX: I've known a lot of computer users over the years — several hundred. Most of them run Windows, a few have Macs. Once in fifteen years I've seen an idiot who had Windows updates turned off, ran no anti-malware, and for him there was no salvaging his system. In more than 25 years on DOS and Windows, I've not once had a virus, trojan, keylogger or other malware. Less than 5 people — all very uneducated — out of hundreds I've known and worked with have ever had to combat a malware infestation.

    The unquestioning acceptance of Apple's PR and marketing that your post exhibits is a bit scary. You should not let other people do your thinking for you, especially when they are being paid to make you think a certain way. Find out for yourself. Go look. And don't forget: a fixed idea is as good as a blindfold.

15. Chris Says:
    January 15th, 2011 at 8:55 am

    To second many points above, this list seems poorly written, ill researched and generally put together to create fear to sell software.

    You can't just say things are dangerous because idiots use them! You could say a Ferrari is the worlds most dangerous car because it can go so fast. But in the right hands it's a whole lot less dangerous than a Vauxhall Nova driven by a drunk boy racer. And there's a lot less chance for the boy racer to get his hands on the Ferrari.

    Better research and stats to back up the list in future might make it worth reading.

16. kompix Says:
    January 20th, 2011 at 4:38 am

    @trex, why don't you get the facts yourself before you post your comment. saying that Mac users do not have to worry about security stuff when apple indeed sent users a massive maintenance release weighing 644.48MB is just hilarious… you don't know anything about security, do you?

17. dE Says:
    January 31st, 2011 at 1:47 am

    Apple at least cares to fix the updates, MS dudes don't even care… they just care money. There are tons more security vulnerabilities in Win that ain't even known. Why will a crackers revile it? Why will anyone revile it in the money minded developer community of MS? They wanna get paid for every character they code and end up making rubbish software in the process.

    BTW, why do you think Trend Micro will even write Windows here… to make MS slaves like you quit Windows and leave and dump their shiny 'antivirus' software?

18. Patrick Says:
    February 7th, 2011 at 1:45 am

    TreX wrote:
    It is typical for a Windows user to have to reformat the hard disk every year or so to get rid of malware…

    TreX that only applies to users who have hit thier heads on something. Since 1994, I have reformatted twice. Once to replace the Dell installation on my AMD X2 with a clean Windows install. The second, ditto for my new AMD X3.

Trackbacks

1. TrendLabs (TrendLabs)
2. 2020plus1 (Alan Potts)
3. [EN] Hardware, aplicaciones y servicios más vulnerables del 2010
4. Google was world’s most dangerous website in 2010
5. Google was the world’s most dangerous website in 2010
6. The Most Dangerous OS: Mac OS X | ConceivablyTech
7. ‘Site Google Gevaarlijkste site ter Wereld’ |
8. جوجل من أخطر المواقع سنة 2010 | عالم جوجل
9. Google was the world’s most dangerous website in 2010 | roboword
10. What were the greatest risks online in 2010? | We Watch Your Website - so you don't have to!
11. What were the greatest risks online in 2010? | ListFree.org
12. Is OS X Dangerous For Users?
13. Google и WordPress са най-опасните сайтове в света за 2010 г. | NewTrend.bg
14. Najopasniji operativni sistem Mac OS X | Republika
15. Najopasniji Mac OS X | BalkanCafe
16. Mac OS X crowned most dangerous OS in 2010 – DRS | Derangedshaman.com
17. 2010 in Review: 2010′s Most Dangerous List | Threat Trend Security News
18. WordPress As Riskiest Web Software In 2010 « Weblog Tools Collection
19. Google foi o site mais perigoso de 2010
20. BuddeBlog » Blog Archive » ICT’s dangerous items listBuddeBlog
21. Google tops list of web’s most dangerous « new media monthly
22. Mac OS X は危ない OS « やっぱりマックでしょ！
23. Colobe IT Solution-Leonardo » Blog Archive » Google é um dos sites mais perigosos de 2010
24. Google é um dos sites mais perigosos de 2010 | F2 - Sistemas
25. Lo peor del 2010 | JuandaBIT
26. Google é apontado como um dos sites mais perigosos de 2010 | F2 - Sistemas
27. Trend Micro Asia Pacific Newsletters Library - 2010 in Review: 2010′s Most Dangerous List
28. Top 10 des technos à risques en 2010
29. جوجل والوردبريس والفيسبوك في قائمة الأكثر خطورة لعام 2010
30. Listado de las amenazas más peligrosas durante 2010 » blog.trendmicro.es
31. Top 10 des technos à risques en 2010 | 1 jour 1 post
32. The Most Dangerous Tech Items Of 2010 | PCMech
33. عَ سريع » جوجل والوردبريس والفيس بوك في قائمة “الأكثر خطورة” لعام 2010
34. Social Media Marketing HQ | Learn Social Media From the Industry's Brightest Minds » WordPress Blog Claims WordPress Is The Riskiest Web Software?
35. WordPress Blog Claims WordPress Is The Riskiest Web Software? | Chrome9
36. WTF : Top 10 chez Trend Micro… | Linux-backtrack.com
37. Google, Facebook Top 2010 Most Dangerous List | GovCon Executive