McAfee Incorporation has released its top ten predictions for security threats in 2008. Researchers at McAfee Avert Labs expect an increase in Web dangers and threats targeting Microsoft Corporation Windows Vista operating system, among other new or increased threats. At the same time ad-serving software known as adware is expected to continue to decrease.
Web 2.0
With a handful of high-profile prosecutions of bot herders in 2007, criminals will be seeking better ways to cover their tracks. The Storm Worm set a worrying precedent. Also known as Nuwar, the Storm Worm has been the most versatile malware on record.
Instant malware
The scenario of a “flash” worm via instant messaging applications has been foreshadowed for years. This threat could reach millions of users around the globe in a matter of seconds. There has been malware that spreads via IM, but we have yet to see such a self-executing threat. However, this may be closer than ever as the number of vulnerabilities in popular instant messaging applications more than doubled in 2007 compared to 2006.
Online gaming
The threat to virtual economies is outpacing the growth of the threat to the real economy. As virtual objects continue to gain real value, more attackers will look to capitalise on this.
Vista
In 2008, Windows Vista is set to gain additional market share and cross the 10 per cent barrier. The release of Service Pack 1 for Vista is also likely to accelerate the adoption of the Microsoft operating system. As Vista becomes more prevalent, attackers and malware authors will start in earnest to explore ways to circumvent the operating system’s defenses. There were 19 Vista vulnerabilities reported since its release earlier this year. We can expect a lot more Vista vulnerabilities to be reported in 2008.
Adware
The government crackdown against purveyors of ad-serving software has had a positive effect. The combination of lawsuits, better defenses, and the negative connotation associated with this form of advertising helped start the decline of adware in 2006.
Phishers
Cybercrooks will increasingly target smaller, less-popular sites with data-thieving phishing scams. It has become tougher and riskier to target top-tier sites as the big-name brands are responding more quickly and providing increased security.
Knowing that a large percentage of people reuse their usernames and passwords, less popular sites are likely to be targeted more frequently than before, giving criminals the same access.
Parasitic crimeware
Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. While crimeware was storming ahead in recent years, parasitic malware faded to the background. In 2007 several crimeware authors turned old school to deliver threats like Grum, Virut, and Almanahe; parasitic viruses with a monetary mission.
Security vendors will embrace virtualisation to create new, more resilient defenses. Today’s complex threats will be easily defeated, but researchers, professional hackers, and malware authors will begin looking at ways to circumvent the new defensive technology, continuing the classic game of cat and mouse.
VoIP
Already this year, more than double the number of security vulnerabilities have been reported in Voice over IP (Internet Protocol) applications, compared to all of 2006. We have also seen several high-profile “Vishing” attacks and a “phreaking” conviction.
Botnets
With a handful of high-profile prosecutions of bot herders in 2007, criminals will be seeking better ways to cover their tracks. The Storm Worm set a worrying precedent. Also known as Nuwar, the Storm Worm has been the most versatile malware on record.
Storm created the largest peer-to-peer botnet ever. McAfee expects others will ride the coattails of that questionable success, pushing up the number of PCs turned into bots. Bots are computer programmes that give cyber crooks full control over PCs. Bot programmes typically get installed surreptitiously on the PCs of unknowing computer users.
More article at www.elitha-eri.net
KOMENTAR