By Matt Hines  |  Posted 2006-11-29 Print this article Print

Marcus said that hackers will specifically target music and video MPEG files as a manner for hiding their code. The researcher highlighted the recent discovery of the W32.Realor worm virus, which is hidden in multimedia files and can launch malicious Web sites on infected machines without user prompting, as the type of attack his company expects to see more often.

In a recent test of the content stored at popular file-sharing sites such as LimeWire and BitTorrent, nearly one-third of the materials had hidden Web site redirects onboard, although few of the related URLs were ultimately found to be malicious in nature, the researcher said. However, as hackers catch on to the notion of embedding attacks in multimedia files, he expects malicious activity based on the technique to take off.

"With Realor, people thought they were downloading multimedia files, but they were also having their browsers redirected to Web sites with malicious code," Marcus said. "In this approach, malware writers are putting malicious content in place of legitimate content in a format thats very effective; its very easy to embed malware content into this type of file and people will download without ever thinking about the security risk. Combined with the popularity of peer-to-peer, instant messaging [and] other media sharing sites, theres definitely a cause for concern."

Another emerging target for attacks are mobile devices, specifically driven by the growing adoption of smart phones, which offer more PC-like functionality and data storage capabilities that many of todays popular handhelds. As more users adopt smart phones that use the same operating system software, made by companies including Microsoft, Research In Motion and Symbian, it will make it easier for hackers to target larger groups of users with mobile malware, according to McAfee.

In terms of malware itself, Marcus said that McAfee expects parasitic attacks, or viruses that modify existing files on a disk, to begin making a comeback. While such attacks account for only 10 percent of all viruses charted today, the ability of hackers to hide the threats easily, including rootkit attacks, is expected to inspire more of the parasitic viruses.

McAfee specifically expects the number of rootkits aimed at 32-bit platforms to increase, but the company said that efforts to protect against and remediate the attacks will also ramp up significantly over the next year.

In another nod to the professionalism of attackers, McAfee researchers said they also expect to see underground markets for malicious software code and software vulnerability data continue to spread out.

Those issues, along with the distributed nature of the attackers themselves, will only make it harder for law enforcement officials to track down and prosecute individuals responsible for creating IT threats, Marcus said.

"Worldwide we dont have worm outbreaks like we saw in 2004, since the goal now for the malware code writers is making money through stolen data or adware, and we see more stealth software like rootkits and static code dropped on the machine to go about doing their tasks in secret," he said. "Organizations like the FBI and Secret Service have been on the forefront of looking at all this as being created by professional organizations, but its a very borderless situation, which makes it that much harder to find people and prosecute them."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel