Botnets on cell phones in 2009?

About 15 percent of all online computers are infected with bots, says a new report (PDF) on emerging threats for 2009 from Georgia Tech Information Security Center. And according to Patrick Traynor, assistant professor at Georgia Tech's School of Computer Science, "We'll start to see the botnet problem infiltrate the mobile world in 2009."

In Traynor's view, if botnets, or large networks of infected computing devices, gain a foothold on mobile devices, they could be used to create a distributed denial of service attack on the cellular network itself, inconveniencing thousands of cell-phone customers.

But the future need not be so dire.

"Because the mobile communications field is evolving so quickly, it presents a unique opportunity to design security properly--an opportunity we missed with the PC," he wrote in the report.

Most people keep their PCs and operating system for years, up to 10 years in some cases. Most people buy a new mobile phone every 2 years, on average.

"The short life cycle of mobile devices gives manufacturers, developers, and the security community an opportunity to learn what works from a security standpoint and apply it to devices and applications more quickly," wrote Traynor.

According to the report, researchers like Traynor expect standards for handset security to emerge within the next 12 months.

The report also called out four other areas of concern: greater prevalence of social-networking malware such as a recent botnet risk reported on Facebook, user-specific VoIP attacks such as the one presented recently at Toorcon, cyber-warfare such as the recent denial-of-service attacks against the nation of Georgia, and a maturing cybercrime economy like that in recent reports of "crimeware-as-a-service" packages for sale on the Internet.