Cloud-based malware looms large on the horizon

Cloud computing could enable hackers to launch more sophisticated attacks

The cloud will increasingly be used for malicious purposes in 2009, as malware writers look for more efficient ways to send spam and launch attacks, according to content security vendor Websense.

The firm's Security Labs argued in its predictions for 2009 that the cloud offers malware writers the same benefits as businesses in being easy-to-use, rent-as-you-go and highly scalable.

In this way, it could be used by hackers for sending spam or to launch more sophisticated attacks including hosting malicious code for downloads and testing malicious code, said Websense.

The firm also predicted a rise in the use of rich internet applications (RIAs) for malicious purposes as hackers exploit vulnerabilities in apps such as Google Docs.

"Malicious attackers are always looking for new ways to penetrate systems defences and they will inevitably see RIAs as a potential attack surface," argued Websense chief technology officer Dan Hubbard.

"For IT security personnel that means more applications and technologies to keep updated with patches and workarounds, and new policies to consider.”

Hubbard also suggested 2009 will see hackers moving to a distributed model of controlling botnets and hosting malcode in an attempt to evade capture.

“Malware authors are looking for sustained uptime as much as anyone else and to avoid the reliance on a smaller number of providers who provide the hosting servers/capacity and who, if successfully shut down, could negatively impact the malware author's activities," he explained.

"By spreading their command and control servers and moving to a distributed model we could see attacks sustained for longer, with detection and shut down needing to overcome greater barriers and becoming more time consuming.”

In related news, security vendor Trend Micro has released new statistics highlighting the flourishing illegal trade in compromised information and other items on the black market.

Log in details for Skype accounts sell at just £1 each, while stolen card details start at £25. Malware kits can be sourced for around £700, with advanced packages worth twice that, according to the vendor.