Adobe To Surpass Microsoft As Hacker Target

Adobe Reader and Flash will surpass Microsoft Office applications as favorite targets of cybercriminals, a security vendor predicted Tuesday.

In unveiling its 2010 Threat Predictions report, McAfee said the growing popularity of the Adobe products has attracted the attention of cybercriminals, who have been increasingly targeting the applications. Adobe Reader and Flash are two of the most widely deployed applications in the world.

As a result of Adobe's success in client software, McAfee Labs believes "Adobe product exploitation will likely surpass that of Microsoft Office applications in 2010."

Security experts for quite a while have warned of the potential security risk posed by Flash. In November, Foreground Security identified a flaw in the way Web browsers handle Flash files that could be used to compromise Web sites that have users submit content.

Beyond Adobe, cybercriminals are also expected to step up efforts next year to crack social networking sites, as well as third-party applications in general. Internet users can expect crooks to use more complex Trojans and botnets to build and execute attacks and to take advantage of HTML 5 to create threats. HTML 5 is the next major revision of hypertext markup language, the core markup language of the Web.

"We're now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications, and more advanced techniques used by cybercriminals, but we're confident that 2010 will be a successful year for the cybersecurity community," Jeff Green, senior VP of McAfee labs, said in a statement.

Facebook, Twitter, and the third-party applications that incorporate the social networks have given criminals new technologies to target and exploit. In 2010, users will be most vulnerable to "rogue apps" distributed by criminals across the networks and to crooks that use the names of people on friends lists to get victims to click on unfamiliar links they might otherwise avoid, McAfee said. In addition, the use of abbreviated URLs on sites like Twitter will make it easier for cybercriminals to mask and direct users to malicious Web sites.

The technological advancements of HTML 5 are expected to shift more computing activity from the desktop to online applications. The technology's cross-platform support will make it easier for attackers to reach users across all mainstream browsers, McAfee said.

More sophisticated Trojans will make it possible to make unauthorized withdrawals from online banking accounts that stay below transaction limits, thereby making those withdrawals more difficult for banks to spot. E-mail attachments are expected to remain the most widely used Trojan distribution method, so users can avoid infection by checking on the safety of an attachment before clicking on it.

Regarding botnets, McAfee expects attackers in 2010 to adopt peer-to-peer control, a distributed and resilient botnet infrastructure, rather than the centralized hosting model seen today. The additional cost of the peer-to-peer model is expected to be outweighed by better success against the security community's increasingly aggressive techniques in shutting down and denying access to botnets.

Botnets typically refer to networks of computers that contain malicious software that places the host computer in the control of cybercriminals. The applications, called bots, are secretly deployed through Trojans or exploiting vulnerabilities in Web browsers and other Internet-enabled applications.