January 24, 2011, 4:11 PM — Just as computing power rushes to the cloud and users' attention shifts from PCs to their mobile devices and social networks -- so does the focus of the bad guys.
Consider the Bohu Trojan recently spotted in China by Microsoft security researchers Jingli Li and Zhitao Zhou. This Trojan blocks connections to cloud anti-virus applications from customers' Windows systems, and has been active against common anti-virus vendors in that country, according to a Microsoft blog post.
"Hackers will try to exploit peoples' attention no matter where it resides," say Rafal Los, security evangelist at HP.
Makes sense that attackers will go were users -- and money -- reside. Consider the most recent rendition of the Zeus Trojan that is aiming squarely at payment services and relatively obscure financial exchanges. According to Israeli security firm Trusteer, these botnet owners are targeting providers such as Money Bookers, Web Money, Nochex, Netspend, and E-Gold. "We believe that customers of all sites where purchases are involved need to protect their PC or access terminal, using secure browsing services and solutions that specialize in protecting online payments and online banking," wrote Amit Klein in the company's blog. "Retailers and payment providers, meanwhile, need to assess the risk associated with their customers' endpoint devices."
That's certainly a valid point, considering how persistently attackers are targeting social networks and the applications emerging around them. Late last week, Twitter was hit with an attack where user accounts were hijacked and started distributing links for bogus anti-virus software. The links to the rogue anti-virus applications were obfuscated by Google's goo.gl URL shortener, according to antivirus firm Kaspersky Lab.
"Bear in mind that clicking on random links may lead to severe infection of your machine," Kaspersky Lab's Nicolas Brulez wrote in a description of the attack.