Previous Articles >> 76 p.c. of emails from India were spam NETWORK SECURITY: A Layered Approach

Related Articles >> McAfee VirusScan Enterprise 8.0i McAfee announces security risk management strategy

Friday, December 22, 2006

McAfee, Inc has announced its top 10 predictions for security threats in 2007 from its Avert Labs. According to McAfee Avert Labs data, with more than 2,17,000 various types of known threats and thousands more not yet identified, it is clear profe­ssional and organized criminals are increasingly releasing malware.

“Within a short period of time, computers have become an intrinsic and essential part of everyday life, and as a result there is a huge potential for monetary gains by malware writers,” said Jeff Green, Senior VP, McAfee Avert Labs and Product Development. To protect against the above threats and malicious programs, McAfee Avert Labs recommends that to stay protected, both enterprises and consumers constantly stay updated with the latest Data Definition Files (DATs), install the latest patches and implement a multi-layered approach to detect and block attacks.

Password-stealing websites to increase
More attacks that attempt to capture a user's ID and password by displaying a fake sign-in page, and increased targeting of popular online services such as eBay, will become more evident in 2007. As evidenced by the phishing attacks that followed Hurricane Katrina, McAfee Avert Labs also expects more attacks that take advantage of people's willingness to help others in need. In contrast, the number of attacks on ISPs is expected to decline while those aimed at the financial sector will remain steady. 

Spam, particularly image spam, is on the rise
In November 2006, image spam accounted for up to 40 percent of the total spam received, compared to less than 10 percent a year ago. Image spam has been significantly increasing for the last few months and various kinds of spam, typically pump-and-dump stocks, pharmacy and degree spam, are now sent as images rather than text. Image spam is typically three times the size of text-based spam, so this represents a significant increase in the bandwidth used by spam messages.

Video on the web, target for hackers
The increasing use of video formats on social networking sites such as MySpace, YouTube and VideoCodeZone will attract malware writers seeking to easily permeate a wide network. Unlike situations involving e-mail attachments, most users will open media files without hesitation. Furthermore, as video is an easy-to-use format, functionality such as padding, pop-up ads and URL redirects become ideal tools of destruction for malware writers.

In combination, these issues make malicious coders likely to achieve a high degree of effectiveness with media malware. The W32/Realor worm, discovered in early November 2006 by McAfee Avert Labs, is a recent incident of media malware. The worm could launch malicious websites without user prompting, potentially exposing users to bots or password-stealers loaded onto these sites.

More mobile attacks
Mobile threats will continue to grow as platform convergence continues. The use of smart­phone technology has played a pivotal role in the threat's transition from multifunction, semi-stationary PCs to palm-sized 'wearable' devices. With increased connectivity through BlueTooth, SMS, instant messaging, e-mail, Wi-Fi, USB, audio, video and web, there are more possibilities for cross device contamination.

2006 saw efforts by mobile malware authors to achieve PC-to-phone and phone-to-PC infection vectors. The PC-to-phone vector was achieved
with the creation of MSIL/Xrove.A, a .NET malware that can infect a smartphone via ActiveSync.

SMiShing, which involves taking the techniques of phishing by e-mail and porting them to SMS (SMiShing instead of phishing), is also expected to increase in prevalence. In addi­tion, for-profit mobile malware is expected to increase in 2007. J2ME/Redbrowser is a Trojan horse program that pretends to access Wireless Access Protocol (WAP) web pages via SMS messages. In reality, instead of retrieving WAP pages, it sends SMS messages to premium rate numbers, thus costing the user more than intended.

Adware will go mainstream
In 2006, McAfee Avert Labs saw an increase in commercial Potentially Unwanted Programs (PUPs), and an even larger increase in related types of malicious Trojans, particularly keyloggers, password-stealers, bots and backdoors. In addition, misuse of commercial software by malware with remotely controlled deployment of adware, keyloggers and remote control software is on the rise.

Identity theft and data loss
At the root of identity theft crime is often computer theft, loss of backups or compromised information systems. While the number of victims is likely to remain relatively stable, company disclosures of lost or stolen data, increasing incidents of cyber thefts and hacking into retailer, processor and ATM systems and reports of stolen laptops that contain confidential data will continue to keep this topic of public concern.

McAfee Avert Labs also predicts that unauthorized transmission of information will become more of a risk for enterprises in the area of data loss and noncompliance.

Bots will increase
Bots, computer programs that perform automated tasks, are on the rise. But it will move away from Internet Relay Chat-based communication mechanisms and towards less obtrusive ones. In the last few years, there has been increasing interest within the virus-writing community in IRC threats. This was due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure.

'Mules' will also continue to be an important aspect in bot-related money making schemes. These are work-at-home type jobs which are offered through very professional-looking web­sites, through classified ads, and even through instant messaging. These are a crucial part of the reason so many bots are able to be run from places around the globe. In order to get merchandise (often to resell) or cash with stolen credit card credentials, the thieves have to go through more strict regulations if the goods are going to another country. To get around these regulations, they use mules within those originating countries.

Parasitic malware making a comeback
Even though parasitic malware accounts for less than 10 percent of all malware (90 percent of malware is static), it seems to be making a comeback. Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. When the user runs the infected file, the virus runs too. W32/Bacalid, W32/Polip and W32Detnat are three popular polymorphic parasitic file infectors identified in 2006
that have stealth capabilities and attempt to download Trojans from compromised websites.

Rootkits will increase on 32-bit platforms
Protection and remediation capabilities will increase as well. On 64-bit platforms, particularly Vista, malware trends are difficult to predict pending uptake rates for the 64-bit platform, but in general McAfee Avert Labs expect:

• A reduction in kernel-mode rootkits, at least in the short-term, while malware authors invent new techniques designed to subvert PatchGuard
• An increase in user-mode rootkits, and user-mode malware in general, or at least higher impact of 64-bit malware, as more advanced heuristic and behavioral techniques provided by most advanced security software is itself hindered by PatchGuard. 
  

Vulnerabilities cause concern
The number of disclosed vulnerabilities is expected to rise in 2007. Thus far in 2006, Microsoft has announced 140 vulnerabilities through its monthly patch program. McAfee Avert Labs expects this number to grow due to the increased use of fuzzers, which allow for large scale testing of applications, and due to the bounty program that rewards researchers for finding vulnerabilities.

Source: McAfee Avert Labs release