Virus makers will push into the virgin territories of cell phones, handhelds, and embedded computers, perhaps even those used in cars, IBM's annual security report said this week.

IBM's 2004 Global Business Security Index both summarizes the year past -- something virtually every major security vendor has done during December and January -- and puts the spotlight on the trends it sees for 2005.

One reason why IBM's security consulting group sees malicious code moving into new ground is that users are, to some extent, getting the message about PC security, said David Mackey, the director of IBM's security intelligence services, which produced the report.

"Users are becoming a lot more aware of dangers to their PCs, but they're not nearly as cognitive of those dangers for mobile systems and embedded computers."

Some mobile phone users are already skirmishing with hackers. The most well-known -- and most widespread -- piece of malicious code aimed at phones is Cabir, which spreads via the short-range Bluetooth.

Mackey noted that the source code for Cabir is available to attackers, something which almost always means more editions will be forthcoming as other hackers take up the code, modify it, and release their own worms. Expect "a flurry of copycats [as hackers] use this code as the basis for new worms which could infect via Bluetooth or other mechanisms," Mackey said.

"This year will be a wake-up call for us," said Mackey, on the subject of worms hitting non-desktop, non-server systems.

Attacks against mobile devices, particularly phones but also handhelds, said Mackey, will likely be made against both the end-user, client-side devices -- such as the PDA or phone itself -- and against the network infrastructure.

And like malware in the PC space, he expects that mobile worms and Trojans won't remain in the "nuisance" category for long, but will soon head into the same for-profit model that's driving hacking on the desktop.

"Think about what kind of information they could steal from, say, a PDA," Mackey said. "How much is a salesman's contact list worth, for instance? To a competitor, maybe a lot."

Embedded computers, like those stuffed into automobiles, manufacturing machinery, and cable set-top boxes, are another target IBM expects to see targeted in 2005.

The average new car, IBM said, contains 20 processors and about 60 megabytes of software code, making them possible targets of attacks and other security threats. While a recent media account of a Lexus being infected with a worm via Bluetooth turned out to be bogus, Mackey's convinced that car hacks will come sooner or later.

"Think about the OnStar system," he said referring to the emergency system now offered with many American-made cars.

OnStar uses cellular and GPS technologies to put drivers in touch with help; the OnStar rep can then use GPS to locate the car if, for instance, it's stolen, or to direct emergency services to an accident.

"One of the services that OnStar does is unlock doors. What happens when something like OnStar becomes even more pervasive, and allows things like remote starting of the car? If a hacker gets into that system...."